Skip to Main Content
Ann Marie T. Sullivan, M.D., Commissioner
Governor Andrew M. Cuomo

Top Ten Internal Controls to Prevent And Detect Fraud!

A recent “KPMG Fraud Survey” found that organizations are reporting more experiences of fraud than in prior years and that three out of four organizations have uncovered fraud. The NYS Office of Mental Health's Bureau of Audit has provided the following list of internal controls to assist you in preventing and detecting fraud at your agency.

  1. Use a system of checks and balances to ensure no one person has control over all parts of a financial transaction.
    • Require purchases, payroll, and disbursements to be authorized by a designated person.
    • Separate handling (receipt and deposit) functions from record keeping functions (recording transactions and reconciling accounts).
    • Separate purchasing functions from payables functions.
    • Ensure that the same person isn’t authorized to write and sign a check.
    • When opening mail, endorse or stamp checks “For Deposit Only” and list checks on a log before turning them over to the person responsible for depositing receipts. Periodically reconcile the incoming check log against deposits.
    • Require supervisors to approve employees’ time sheets before payroll is prepared.
    • Require paychecks to be distributed by a person other than the one authorizing or recording payroll transactions or preparing payroll checks.
    • If the agency is so small that you can’t separate duties, require an independent check of work being done, for example, by a board member.
    • Require accounting department employees to take vacations.
  2. Reconcile agency bank accounts every month.
    • Require the reconciliation to be completed by an independent person who doesn’t have bookkeeping responsibilities or check signing responsibilities or require supervisory review of the reconciliation.
    • Examine canceled checks to make sure vendors are recognized, expenditures are related to agency business, signatures are by authorized signers, and endorsements are appropriate.
    • Examine bank statements and cancelled checks to make sure checks are not issued out of sequence.
    • Initial and date the bank statements or reconciliation report to document that a review and reconciliation was performed and file the bank statements and reconciliations.
  3. Restrict use of agency credit cards and verify all charges made to credit cards or accounts to ensure they were business-related.
    • Limit the number of agency credit cards and users.
    • Establish a policy that credit cards are for business use only; prohibit use of cards for personal purposes with subsequent reimbursement.
    • Set account limits with credit card companies or vendors.
    • Inform employees of appropriate use of the cards and purchases that are not allowed.
    • Require employees to submit itemized, original receipts for all purchases.
    • Examine credit card statements and corresponding receipts each month, independently, to determine whether charges are appropriate and related to agency business.
  4. Provide Board of Directors oversight of agency operations and management.
    • Monitor the agency's financial activity on a regular basis, comparing actual to budgeted revenues and expenses.
    • Require an explanation of any significant variations from budgeted amounts.
    • Periodically review the check register or general ledger to determine whether payroll taxes are paid promptly.
    • Document approval of financial procedures and policies and major expenditures in the board meeting minutes.
    • Require independent auditors to present and explain the annual financial statements to the Board of Directors and to provide management letters to the Board.
    • Evaluate the Executive Director's performance annually against a written job description.
    • Participate in the hiring/approval to hire consultants including the independent auditors.
  5. Prepare all fiscal policies and procedures in writing and obtain Board of Directors approval. Include policies and/or procedures for the following:
    • cash disbursements
    • attendance and leave
    • expense and travel reimbursements
    • use of agency assets
    • purchasing guidelines
    • petty cash
    • conflicts of interest
  6. Ensure that agency assets such as vehicles, cell phones, equipment, and other agency resources are used only for official business.
    • Examine expense reports, credit card charges, and telephone bills periodically to determine whether charges are appropriate and related to agency business.
    • Maintain vehicle logs, listing the dates, times, mileage or odometer readings, purpose of the trip, and name of the employee using the vehicle.
    • Periodically review the logs to determine whether usage is appropriate and related to agency business.
    • Maintain an equipment list and periodically complete an equipment inventory.
  7. Protect petty cash funds and other cash funds.
    • Limit access to petty cash funds. Keep funds in a locked box or drawer and restrict the number of employees who have access to the key.
    • Require receipts for all petty cash disbursements with the date, amount received, purpose or use for the funds, and name of the employee receiving the funds listed on the receipt.
    • Reconcile the petty cash fund before replenishing it.
    • Limit the petty cash replenishment amount to a total that will require replenishment at least monthly.
    • Keep patient funds separate from petty cash funds.
  8. Protect checks against fraudulent use.
    • Prohibit writing checks payable to cash.
    • Deface and retain voided checks.
    • Store blank checks in a locked drawer or cabinet, and limit access to the checks.
    • Require that checks are to be signed only when all required information is entered on them and the documents to support them (invoices, approval) are attached.
    • Require two signatures on checks above a specified limit. Require board member signature for the second signature above a higher specified limit. (Ensure that blank checks are not pre-signed.)
    • Mark invoices “Paid” with the check number when checks are issued.
    • Enable hidden flags or audit trails on accounting software.
  9. Protect cash and check collections.
    • Ensure that all cash and checks received are promptly recorded and deposited in the form originally received.
    • Issue receipts for cash, using a pre-numbered receipt book.
    • Conduct unannounced cash counts.
    • Reconcile cash receipts daily with appropriate documentation (cash reports, receipt books, mail tabulations, etc.)
    • Centralize cash receipts whenever possible.
  10. Avoid or discourage related party transactions.
    • Require that a written conflict of interest and code of ethics policy is in place and that it is updated annually.
    • Require that related party transactions be disclosed and be approved by the Board.
    • Require competitive bidding for major purchases and contracts.
    • Discourage the hiring of relatives and business transactions with Board members and employees.