Certified fraud experts estimate that one in 10 businesses will experience some incident of employee embezzlement. The statistics for small businesses are even greater, which means the typical medical and dental practice is a prime target.
Chances are very good that some doctors reading this article have had this gut-wrenching experience. The culprit could be an office manager, billing personnel, cashier, receptionist, or even a fellow associate. The most shocking aspect is that the thief is often one of the most trusted, long-standing, beloved employees in the practice.
Doctors who have experienced this will tell you that the trauma such an event inflicts on a medical or dental practice extends far beyond the discovery of the theft. Personal grief, loss of productive time, litigation costs, employee morale problems, and administrative burdens can overshadow the loss of funds stolen.
This is the first of two articles on identifying the causes, reducing the risks, and detecting embezzlement losses.
Why Do Employees Steal?
The reasons for embezzlement vary but may include any one or a combination of personal problems such as drug addiction, alcoholism, compulsive spending, gambling, financial hardship, resentment of the doctor’s earnings or lifestyle, feelings of being unappreciated, or anger. Sometimes it’s just a simple matter of temptation and greed.
Why Medical and Dental Practices?
Doctor practices are easy targets for embezzlement. Most have few if any internal controls to safeguard cash and patient receivables. This is attributable to any of the following: high volume of small transactions, significant amounts of cash receipts, little or no segregation of duties, limited personnel, unsophisticated record keeping, relatively little oversight by owner practitioners, and absence of financial management.
Administrative support staff usually know more about billing, collections, disbursements, and recordkeeping than the doctor does, which puts the practitioner at a disadvantage.
Who is Responsible?
The most common misconception of doctors is the assumption that their outside independent accountant is watching the checkbook and safeguarding their assets. This is simply not the case. Accountants are not responsible for the prevention or detection of fraud. This is written in every engagement letter that documents the terms and limitations of the accountant’s engagement.
The fact is, the infrequency of visits, the limited amount of time the accountant spends at the doctor’s office, and the limited scope of the services the doctor is willing to pay for does not allow for the accountant to perform the tasks necessary to safeguard against or even detect employee theft on an ongoing basis. However, the practice’s accountant can be helpful in identifying system deficiencies and recommending corrective action. Engaging your accountant to help you with this could be money well-spent.
The primary responsibility for the prevention and detection of fraud rests with doctors. It is not only a responsibility but an obligation to themselves, their associates, and their employees. Obviously doctors will not hire someone with a criminal record or someone they don’t believe they can trust. However, like many small businesses, doctors have to entrust many critical financial tasks to a small number of support staff. If too many functions are assigned to one person without adequate checks and balances, the temptation to take advantage of the situation can be too much for some people.
Steps to Minimize Losses
If someone in your organization is set on stealing from you, they probably will. Your objectives should be to remove temptation, make embezzlement as difficult as possible, and increase the probability of early detection to limit the amount of loss. It is easier for larger organizations to implement an elaborate system of internal controls; however, there are several policies and procedures that even a single doctor practice can institute that can significantly reduce embezzlement losses.
The following steps will help you minimize losses. Implementing any one or any combination of these may keep you from being victimized. Where indicated, “designee” refers to a practice administrator, outside accountant, or other individual who has no cash receipts, cash disbursements, or accounting or billing responsibilities.
- No one other than the doctor should have check-signing, account-transfer, or borrowing authority.
- Don’t sign blank checks or any lacking appropriate invoice or other documentation. All checks presented for signature to the doctor should be accompanied by an invoice or other supporting documentation.
- All checks should be printed and processed through the computer. Any exceptions must be approved by the doctor owner.
- All checks received in payment should be immediately endorsed “for deposit only” to the account of the practice upon receipt.
- All mail receipts should first be listed and a deposit slip prepared and deposited by someone other than billing, bookkeeping, and collections personnel. The payment information, such as EOBs, should then be forwarded to the personnel responsible for posting to patient accounts with a copy of the deposit slip given to the bookkeeper.
- Make bank deposits daily.
- The bookkeeper or other appropriate person should reconcile the daily deposit to cash received, as shown on the daily transaction report (day sheet) generated from the billing and collection software. Any reconciling items should be brought to the attention of the practitioner or designee.
- All encounter forms should be prenumbered, accounted for, and filed sequentially after processing, including voided forms (as in the case of no-shows). Any missing forms should be brought to the attention of the practitioner or designee.
- Monthly bank reconciliations should be performed in a timely manner, and by the bookkeeper or individual who does not both handle cash and perform accounting billing or collection recordkeeping.
- No patient accounts receivable should be written off or sent to collection without prior approval of the doctor.
- All computer access codes and passwords should be written and secured in a location accessible only to the practitioner and designee.
- Require all employees to take their vacation time.
- The practice should obtain an employee dishonesty bond to cover potential losses.
In the next issue, we will outline steps for detecting and deterring embezzlement schemes.
James B. Calnan, CPA, is partner-in-charge of the Health Care Services Division of Meyers Brothers Kalicka, P.C. in Holyoke; (413) 536-8510.