Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Law Office Manager
 Get Our Weekly eNewsletter, Law Office Manager Bulletin,
    and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives

How to reduce the risk of in-office theft

Theft in law firms comes from all corners, from staff to partners.

“It happens more than people realize,” says St. Louis legal management consultant John W. Olmstead, MBA, Ph.D, CMC. In fact, his own experience of 25 years working with law firms leads him to estimate that one in nine firms has experienced some type of theft.

Every firm needs theft protection. But that protection needs to do more than detect theft. It has to be preventive to the point that “people don’t even think about theft.”

Here are some points to cover.

Just make that check out to me

On the attorney side, theft often comes from bogus expense reports and cash deals on the side with clients.

But perhaps most common is the make-the-check-out-to-me trick.

That’s easy to say to a new client who doesn’t know the firm’s billing procedure, and it’s especially easy with retainer amounts. The client sees that the attorney is going to be the one doing the work, so why not make the check out that way?

Later, the client gets an invoice for what’s already been paid and brings it to the attorney’s attention, and the attorney says “oh, don’t worry about it” and writes off the time.

Without preventions in place, any firm can get hit with that type of theft.

The basic prevention, Olmstead says, is to make it a rule that someone other than the billing attorney has to authorize write-offs. In a large firm that can be a committee; in a smaller firm, it can be the managing partner.

Along with that, have someone other than the billing attorney call clients about unpaid invoices. Then if the make-it-out-to-me trick is being played, the client is going to say “I gave the check to the attorney.”

A further safeguard is to send out monthly statements, and send them at a different time from the bills. If the statement doesn’t show a payment, the client is going to call and ask why.

He cites one client firm where the bookkeeper sent out the bills at the end of the month and then followed up with statements. A client called and said he had paid a bill that was listed on the statement as outstanding. The bookkeeper asked for a copy of the check, and it turned out the check had been made out to a partner—at the partner’s request.

Besides the theft protection, the monthly statement is “an active accounts receivable program,” he says, because it serves as an additional reminder for the clients.

Vacations and rotations

For protection on the employee side, a good overall rule is to make vacations mandatory. That prevents the ongoing and usually very costly fraud schemes that require the thief’s constant oversight, because during the vacation times, other people go into the records.

But go beyond that. The most necessary safeguard is to separate the financial duties so no one person has control over the entire picture.

And along with that, rotate the duties in the accounting department so nobody “is in the same seat all the time” and can get a theft operation going.

Olmstead points out that in one firm he set up a system where nobody was the bookkeeper. Instead, different people handled different functions. With just one person, he says, there can be no checks and balances.

Protecting the checks coming in

The firm also needs procedures for the receivables as well as the payables.

For the receivables, he gives this example.

The receptionist opens the mail and keeps a log of all the checks that come in.

The checks and a copy of the log then go to the bookkeeper. Copies of the log also go to the administrator and the managing partner.

The bookkeeper prepares the deposit.

Then a third person checks the deposit against the list, takes the money to the bank, and brings back both deposit receipt and list to the bookkeeper.

Only then does the bookkeeper enter the deposit amount in the computer and credit the clients with the payments.

With all those people verifying the list and the checks, there’s no way a check can be slipped out and deposited into a bogus account or cashed.

The mysterious tablet

With the payables, theft can occur when a bookkeeper opens a bank account for a fictitious vendor, bills the firm for nonexistent supplies and services, and deposits the checks. Or a staffer who orders the supplies can add a tablet or other electronic device to the order. The firm sees a valid invoice and pays it, and the supply staffer walks off with the equipment.

Once again, the safeguard is separation of duties and a system of checks and balances.

Don’t give the bookkeeper the authority to approve invoices or sign checks. Have someone else do that, preferably the managing partner.

Don’t let the bookkeeper handle the purchasing. Give that job to somebody else.

In addition, keep all the aspects of the purchasing separate. The administrator approves the purchases, the receptionist orders them, the bookkeeper writes the check, and the managing partner signs the check.

Whoever signs the checks doesn’t sign any check without having the invoice with it.

Along with that, make sure the items paid for “are actually in the office.” If an invoice includes a computer, “walk around the office and make sure it’s there.”

There’s stronger protection to be had from purchase orders, he says, but the process has to be secure to the point that there’s no room for loopholes.

The administrator assigns the PO numbers. Someone else, perhaps the receptionist, does the ordering. And a third person such as the managing partner approves the orders.

Make it a rule that the PO number has to be written on every purchase invoice before it can be approved for payment. The administrator keeps a log showing the PO number, the item requested, the request date, the amount, and the name of the person making the request.

Then if an invoice comes in for a computer purchase and the administrator doesn’t remember authorizing it, there’s the PO number to back it up—or maybe not back it up.

The beauty of bonding

Also, Olmstead says, get fidelity bonding insurance for everybody who handles money.

Besides covering whatever losses the firm might encounter from theft, the bonding process weeds out the potential thieves, because the insurance company will run background checks on the employees before it covers them.

He cites one firm that applied for bonding for its employees. During the approval process, a secretary came to the managing partner and said she had been convicted of embezzling $200,000 from a previous employer and knew the bonding company would find out about it.

The secretary wanted to keep her job, and there was no way the firm could get rid of her, so the firm set up tight controls for receivables and payables and the secretary stayed.

Related reading:

How to Protect Your Data against Costly and Destructive Cyber Attack

Do you follow these 7 rules when you fire an employee?

Just common sense can ward off disciplinary and malpractice actions









Try Premium Membership