Many years ago, fresh out of school I took my first technical consulting job for a Payroll Service company. It was a start and turned out to be a good move. Like so many of our early jobs, the pay was forgettable but not the experiences. One client was a local church. A pretty sizable institution in fact. When I arrived for the initial consultation, the office manager ushered me into the 'inner sanctum'. It was a beautiful office with a large wood desk and lots of dark wood all around. I wasn't really expecting to meet the reverend, but there he was and then the office manager left and the two of us shared a quiet, awkward moment before he got started. He explained as clearly as he could bring himself how his church had been ripped off to the tune of a 'great deal, a great deal' by the bookkeeper, who was now in prison. Wow! I could barely believe what I was hearing. Ripping off a church. Yeah, you bet. She made off with hundreds of thousands in fact and did it quite easily. The key? She ran payroll in one system and posted it into another. She'd create a 2nd check, on another run, and after she cashed it, she would just fix the bank balance with a journal entry. Easy. The committee would look over the main payroll run and not see anything unusual, and they would see the bank balance matching. Perfect. I hadn't thought about this in years until I started working with a new NetSuite client. The company was actually a prospect 2 years ago, then they went dark and I got busy with so many other implementations that I put them on the back burner. Finally, I called to check in and heard the whole story. The fraud, the arrest, the trial, the whole nine yards. And again, the issue was a really lax accounting group with no audit and a bunch of standalone systems that allowed the perpetrator to receive checks and cash them while never enter the sale from one system into the other. It went further than that, though. There were bill payments to ghost companies and more hidden little charges and stuff than you can shake a stick at, as Mom used to say. The long and short of it was that the accounting system was being manipulated in ways that an accounting system should never be manipulated, and with little oversight from an overworked owner the result was almost ruinous. What's the lesson? Of course a devious person can do damage in many ways, but take some precautions as a business owner to make sure that systems are being used properly. For example, Vendor credits should be entered as Vendor Credits, not surreptitiously added to bills to reduce the total amount owed. Vendor Credits are easy to track, individual line items on a bill are not. Journal entries need to be closely monitored. You also need to really think about the hand-offs from one system to another if you are running multiple systems. The biggest problem that led to fraud at my client's site was Quoting system completely separate from the accounting system. No one ever tried to tie the two out. The best way to avoid this problem is to have a single integrated system to run your business. Every sales order is either closed or it becomes an invoice. Finally, make sure that any fraud must be a conspiracy. Force different people to do different things in the system. For example, one person should enter bills and another person should pay them. And no one but the Administrator should be able to delete a transaction. This will make them crazy, but it's one of the best ways of preventing fraud. | 
