Controls and Audits Are Key: How to Guard Your Practice Against Fraud
- Apr 10, 2018
Is your medical practice vulnerable to fraud? It could be.
A practice can hide dormant factors that make fraud possible, even beneath a great culture and esprit de corps. But fraud itself stirs into action only when three components align: motive, rationale and opportunity.
A motive is outside financial pressure: an expensive divorce, gambling debts or investment losses, for example. A rationale, on the other hand, is internal — a certain psychological ability that justifies criminal behavior, such as “They owe me,” “Everybody does it,” or “I’ll pay it back later.”
Eliminate Fraud Opportunities
Motives and rationales for fraud remain hidden because people don’t talk about them. But the third component — opportunity — is visible if you know where to look. It can arise anywhere employees have access to financial transactions, supplies or equipment.
You can’t cut off that access because it’s essential to their jobs. But it’s not a problem if you control and monitor it.
In your medical practice, this means establishing internal controls and regular audits to guide and monitor your employees’ conduct. Some effective internal controls for medical practices include the following:
- Segregate duties — for example, don’t let the same person order, draft, sign and mail checks.
- Enlist more than one staffer in accounting tasks.
- Issue a numbered receipt, with a copy in the system, for every payment received.
- Require that the cash drawer be counted and secured by one employee at close of business and that its total be verified and deposited the next day by a different employee.
- Confirm that the amount posted in your system matches the amount deposited.
- Close out your credit card system with manager approval at the close of business.
- Limit physical access to checks, cash, supplies and expensive equipment.
- Implement strong passwords for access to computer accounting systems.
- Make arrangements with your bank to head off suspicious payroll checks.
Conduct Regular Audits
Audits can be scheduled or random. Their purpose is to test your internal controls to make sure they’re working effectively and closing off opportunities for fraud.
A formal audit should review payments received, following them from receipt to deposit in your bank account. Select a random sample from a day’s payments and check for the following:
- Does it show on the patient’s account?
- Was it posted while the patient was still in the office?
- Was a numbered receipt issued to the patient in the same amount?
- Do discounts conform with practice policy?
Then check the total amount received that day. Confirm that your staff reconciled it with payments received and that it matches the day’s bank deposit. And then review a few bank statements and reconciliations.
Don’t neglect accounts payable, where kickbacks and payments to fictitious payees are possible. Is every listed vendor a real company? Is there a process in place to select and review vendors? Are payment amounts reasonable?
Examine payments to employees, too. It’s not common, but paychecks have been issued to “ghost” employees. And reimbursements for expenses can hide inflated or invented costs.
Also, keep an eye on inventory — your supply cabinet contains small, portable and easily marketable items. Are regular inventories performed? Are purchased supplies counted, recorded and matched against invoices? When your practice receives medications, are they carefully tracked? When expired drugs are scrapped, does a manager approve it?
The value of a randomly timed audit is the element of surprise. It can be more or less exhaustive — just opening a bank statement before accounting staffers see it can reveal red flags. From time to time, review one or two of the processes involved in a full audit.
Also be curious. Ask about expenditures you haven’t inquired about previously, supply-cabinet rules or the reasons behind the selection of a new vendor.
Control What You Can
Your employees’ financial pressures are outside your control; so is the fact that some of them may be able to rationalize theft. What you can control are opportunities to commit fraud against your practice.
If you start with the rules and audits described above, you’ll be well on your way to closing off every temptation.
Healthcare Practice Strategies
If you have any questions, we'd like to hear from you.
Explore More Insights
Machine-Readable File Requirements: More Transparency in Coverage Work for Health PlansRead More
Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.