Fraud Prevention Tips to Keep Your Medical Practice Financially Healthy
The Association of Certified Fraud Examiners estimates that 5% of a business’s revenue is lost to fraud each year, and medical practices are no exception. The best way to reduce fraud risk and keep that 5% in your practice is to implement effective internal controls. Here we’ve included three common fraud schemes and the internal controls you can put in place to protect your practice.
One of the most common fraud schemes relates to personal use of business credit cards or inflated expense reimbursements. The best way to reduce this risk is to require documentation for purchases and implement a review process. Under this policy, detailed receipts are required for all purchases and the business purpose of the purchase must be indicated on the receipt. The expense reimbursements and/or credit card statements are then reviewed by the requestor’s supervisor. When reviewing, the supervisor should review the receipts and assess the reasonableness of the purchase. Finally, you may want to implement a policy that, for purchases over a certain amount, prior approval is required. These policies create a safety net to catch fraud that may have already occurred, but, more importantly, create a “perception of detection” that can discourage fraud before it even begins.
Another common scheme is to check tampering. In this type of scheme, the fraudster can forge the signature on a check, alter the payee or alter the amount of the check. The best way to reduce this risk is to review the cancelled check images at the end of each month. Look for checks that seem out of the ordinary or that you don’t remember signing, focusing especially on checks made out to employees or new vendors. It may also be useful to select a few invoices and compare those to the check that was written, verifying the amount and the vendor name.
Yet another common type of fraud relates to payroll. Payroll fraud is typically committed by creating ghost employees, inflating hours or inflating pay rates. To reduce this risk, hourly employees should fill out timecards (either through paper timecards or through an electronic system). The timecard should be reviewed and approved by that person’s direct supervisor. To reduce the risk of ghost employees or inflated pay rates, the payroll register should be reviewed each pay period in detail. Make sure that you recognize employee names and carefully review the year to date payroll amounts for reasonableness. Generally, it’s best to restrict access to add new employees or change pay rates to a small number of people and have a review process in place for any such change.
Though these are great first steps at reducing fraud risk at your practice, there is no one size fits all when it comes to internal controls. If you have questions about implementing these controls or are wondering about specific vulnerabilities at your practice, Maner Costerisan is here to help, 517.323.7500.