Medical practices are highly susceptible to fraud and embezzlement, but the following processes may assist in safeguarding your practice assets and preventing potential theft.
Everyone has read the frequent headline, “Doctor’s most trusted employee charged with stealing thousands of dollars.” But public only hears about these cases either via prosecution of the perpetrator or because they are so high in magnitude and worth reporting. However, there are many other unreported acts of fraud and embezzlement taking place every day in physician practices throughout the country.
Medical practices are highly susceptible to fraud and embezzlement, because the physicians trust and assign bookkeeping responsibilities to their staff while they remain focused on patient care. The risk of embezzlement increases even further in smaller physician groups. Because of limited resources the practice cannot segregate duties and so the person who collects copays and deductibles is often the same person who posts charges and makes bank deposits.
No matter how large or small your practice, the following processes may assist in safeguarding your practice assets and preventing potential theft.
Segregation of duties
This is probably the most important safeguard of the internal control process. Its primary purpose is to have distinct job functions covered by employees to deter any embezzlement or fraud.
The key is to eliminate functions or segregate tasks that allow employees to cover their own tracks. In other words, different employees should be responsible for opening the mail, making the bank deposits, paying bills and reconciling the bank account. However, this can often be difficult to accomplish in a smaller practice. As a result, in a smaller practice another employee or physician stockholder should review each of these accounting functions. In a smaller practice physicians may allocate or rotate these specific tasks so that no one physician is over-burdened.
Approved vendor list
The creation of fictitious vendor accounts is one of the most prominent fraud and embezzlement schemes that a medical practice may encounter. A vendor list should be compiled and reviewed by a physician stockholder at least on an annual basis. Any additions to the list should be approved by a physician stockholder. This allows the practice to verify the authenticity of each vendor and limit the exposure of fraud and embezzlement due to the fictitious vendor scheme.
Review of bank statements and reconciliations
The opportunity for theft or misappropriation is increased when there is no independent review or supervision of the bank reconciliation process. In order to minimize the risk of fraud and embezzlement an independent employee not associated with the bank deposits or cash disbursements should receive the unopened bank statements and review canceled checks, noting endorsements, approved vendors, authorized signatures and any outstanding checks and unusual reconciling items.
In smaller, practices the function may best be performed by a physician stockholder.
Distribution of payroll checks
A fictitious employee is another scheme in which a dishonest employee may embezzle from a practice. The individual in charge of entering payroll data may pay a relative or friend that is not an employee of the practice or pay themselves too much.
In order to mitigate this exposure, payroll journals should be reviewed on a monthly basis for accuracy by someone other than the employee who submitted the payroll information. In addition, it is also recommended that another individual distributes the checks.
Again in smaller practices this can be difficult to accomplish when there are a limited number of employees. As a result, it is recommended that a physician review these procedures at the very least on a monthly basis and intermittently disburse the payroll checks.
Implementing the processes above by no means will prevent all fraud and embezzlement but it will remove a number of key opportunities from employees that may be thinking of committing theft.
Even with the implementation of these controls it is extremely important to continuously monitor, review and evaluate the controls in order to send a clear a message that the practice is pro-active in its anti-fraud efforts.
John Teixeira is the health care team leader at Sansiveri, Kimball & Co., LLP, which has offices in Providence and Newport, R.I. To contact John for more information about SK&Co services, please email him at firstname.lastname@example.org or call (401) 242-6911.
Sansiveri, Kimball & Co., LLP is a proud member of the National CPA Health Care Advisors Association (HCAA). HCAA is a nationwide network of CPA firms devoted to serving the health care industry. Members provide proactive solutions to the accounting needs of physicians and physician groups. For more information, contact HCAA at info@HCAA.com or visit www.hcaa.com.