The law firm’s cash flow has been unusually tight for several months. As managing partner, you sense that something is wrong. After taking a closer look, you find that billings are up, receivables are relatively current and there are no large expenditures to explain the lack of cash flow. After engaging a qualified fraud investigator, it is determined that the firm’s trust account is significantly short and several client receivables shown as paid were never deposited into the general account. Now that fraud has been discovered, a costly investigation into how much and who is responsible begins. Why did this happen to your firm? Let us go back to some basics for a moment. Think of fraud as a chemical reaction. We start with today’s society enabling entitled thoughts like “I deserve this” and “They owe it to me”. Mix in spending habits, debt, or addictive behavior that affect personal finances and decision making. Stir that in with a lack of accounting controls at the workplace and we have an explosive fraud reaction. (Fraud triangle concepts originated from Cressey, Donald R. Other People’s Money (Montclair: Patterson Smith, 1973)).
Are you expected to know the thoughts and habits of all your employees? No, but you can still prevent fraud by blocking the activating elements with effective accounting controls. For example:
- Segregation of duties
- Monthly financial reporting
- Reviewing bank statements
- Reconciliation of trust account with client balances
- Phantom employee search
- Expectation of privacy policies
- Approved vendor list
- Mandatory vacations
- Periodic job rotation
- Individual logins and passwords
- Approval of receivable write-offs
- Securing blank checks
- Monitoring credit cards and electronic payments
The few examples of accounting controls provided above are not all inclusive. Most firms could benefit immediately by simply segregating accounting duties along with implementing approval and review procedures. The good employee who does everything, who is like family, and who never takes a vacation may appear to be a blessing, but a potential fraud reaction has unknowingly been activated.
Fraud prevention responsibilities also require securing the law firm’s computer data. If you have not engaged a reputable IT specialist, your firm is especially vulnerable to a computer breach. This area of fraud represents a significant risk every minute of every day. While you sleep, computer fraudsters are awake. Even with the best computer system, the weakest link is sitting behind a desk in your firm’s offices, just one dangerous click away from a costly disaster. Controls in this area require policies that start with hiring the right IT professionals, strictly prohibiting employee personal usage, prohibiting bringing in computer devices from the outside without oversight, constant training related to identifying suspicious emails and websites, and periodic penetration testing of the overall system by your IT specialist. My hope is that you continue to learn more about fraud prevention by implementing effective controls in your law firm rather than learning through experience.
About the author
Mark D. Rich, CPA, CFF has been licensed for 40 years and is founding partner of Rich Wightman & Company.
About this article
This article was originally published in the “Law Practice Management” issue of Communiqué, the official publication of the Clark County Bar Association, (May 2021). See https://clarkcountybar.org/about/member-benefits/communique-2021/communique-may-2021/.
© 2021 Clark County Bar Association (CCBA). All rights reserved. No reproduction of any portion of this issue is allowed without written permission from the publisher. Editorial policy available upon request.