by Cat Matson
News today that a payroll officer has defrauded electronics retailer Clive Peeters of $20 million positively blows me away (full article here) (apparently the employee falsified online payee information to transfer money to her personal account rather than where it was due, for example the ATO).
It blows me away because it demonstrates the complete lack of checks and balances that must have been in place to allow something like this to happen. For example, who was checking that creditors were receiving their due funds? What was happening to reminder notices received from creditors who were being short-changed? Why did it take until I'm guessing the end-of-year audit to discover 'accounting discrepancies'? Sure, it's a large, listed company, and things can fall through the cracks... but $20 million (in a business that reported a profit of only $10 million last year) must have disappeared down a pretty big 'crack'.
So this example is a 'exceptional' one - big business, harder to 'control' the details.... yet, reality is, many businesses are doing the same thing.... in the name of 'trust', 'outsourcing', 'delegating' and 'empowering employees' business owners abdicate responsibility for the details of their business.
Now, I'm not saying that you should be a control-freak and let nothing out of your sight... but you need to get VERY clear on what 'liberties', access and permissions you give your staff and contractors. It's not about creating an unnecessary systemic burden on your or your staff, or creating a bureacracy of 'double-signatures' and double checking before anything is done.... but there is a middle ground where the business owner and manager must take responsibility for MANAGING the business.
Peter Sexton, audit partner at WKH Horwath makes a couple of sound suggestions in the article - for example, ensuring that employees don't have the ability to change the account numbers of creditors, and completing a spot-check at the end of every payment cycle to ensure the correct payments have been made to the right people.
Keith Matson (my husband and Managing Partner of Alito's Accounting services) says the same thing. He also says it's important to give financial personnel levels of authority - for example, they're only allowed to pay up to $X - anything above that limit requires a 'double-approval'. Sexton's comments that electronic banking takes away the security of double-signatories is slightly misleading - the token system means companies can still enforce a 'double-signature' payment. This system means that your accounts payable clerk processes the payments... then a more senior person can check payee details (at random if necessary) before approving payment by issuing the second token. It just requires though that the second token holder (or signatory) actually checks the details of the payments and doesn't carte blanche apply their token to approve the payment.
As for those of you crying 'oh, that wouldn't happen to me, I trust my staff', I say it's not about trusting your staff. It's about knowing what's going on in your business. (By the way, my definition of an honest person is someone who hasn't been offered enough yet). "The purpose of having the system in place to prevent action being taken on the temptation", says Keith.
So my 'take-away' tip for business owners.... review your checks and balances and know... I mean KNOW the financial details of your business.... it is, afterall, your business!
Cat
Igniting your business performance
Alito - business mentors & accountants
Get notified 
some fantastic points made Cat! Well done!