Blowing the dust off systems that foil fraud in the practice
When we discovered a fraudulent transaction on our practice credit card recently it made us realise that we had not reviewed our financial governance procedures for some time.
On paper the systems were in place, but in practice gaps had appeared. It is likely that many busy practices have equally dusty systems.
Sadly, in addition to genuine errors, all businesses must expect attempts at fraud or theft. These could include stealing from the cash box, bouncing cheques from patients, or large-scale attempts to embezzle from the bank account. Robust and active defences act both as an early warning system and a deterrent.
To ensure you have all the angles covered, you must first know exactly how the money flows through your business.
Income arrives as cheques by post, as cash and cheques across your reception counter, or as credits to your bank account. Expenses are paid out as petty cash, cheques, credit card transactions or direct from your bank account via BACS or direct debit.
Within your building, cash and cheques flow from reception to your central collection point, usually the practice manager or bookkeeper, and then to a safe. The money eventually flows to the bank for deposit. Money may also be moved electronically from current to savings accounts and back.
Problems can arise at any of these points, so address each one as follows.
•Cash and cheques – your cash box should be emptied daily and all payees should receive a carboned dated receipt detailing the transaction. GPs and nurses initiating patient payments must give the patient a carboned invoice to take to reception. Copies of both should be checked regularly. Make occasional spot checks of the cash box. Only one or two members of staff should take money. Cheques must be accompanied by a cheque card with the number written on the cheque.
•Mail should be opened by one trusted member of staff who passes cheques to management.
•Credit cards must not have a high limit and must be locked in the practice safe overnight. A partner must review the credit card statement monthly and all payment slips must be attach-ed. Only one or two staff
members should be authorised to use these credit cards.
And they should only be used
for payments to companies
that are known to be reputable.
•Totals and cheques for deposit must be agreed and recorded by two people
•BACS and direct debits must be signed for or authorised electronically by at least two partners. Most banks provide swipe cards with PINs and electronic readers. Signing partners must be alert to the payments they are authorising.
•All purchases must be authorised in writing by an approved member of staff before they are paid. This must not be the same person who makes the payment.
•Transfers between bank accounts must be authorised by an approved number of partners.
•A partner must check bank statements regularly.
To keep the procedures active, a regular report should be prepared for the partners. Also all systems must be reviewed annually. Do not to wait for something to go wrong first!
John Couch is a GP in Ashford,