When it comes to a firm’s financials, basic checks and balances, with duties divided among employees, are absolutely essential.
As more and more companies are implementing remote and hybrid work models, firms should review the checks and balances established in their internal procedures. Management has an obligation to administer relevant internal policies that will maintain the firm’s financial and professional integrity.
Finance and Accounting
When it comes to a firm’s financials, basic checks and balances, with duties divided among employees, are absolutely essential. For example, the employee who is preparing checks should not be the only one tasked with reconciling the firm’s bank statement—the results should be reviewed by someone else.
It may require only one employee to process a payment that is an advanced client cost, but as a general rule, every payment should be processed by one employee and reviewed by another. All payments to business partners and expense checks must be reviewed by a management member. This is especially difficult when many people are working remotely.
If an employee is preparing checks in the office, those checks can easily be scanned to another member of the team prior to being signed and mailed. Today, so many payments are made electronically. It is imperative, then, that a management team member review the firm’s bank accounts regularly—preferably daily and by an owner who has a basic financial background.
All bank accounts should be reconciled within the following month. In the past, this was viewed as an important but non-urgent task. In today’s environment, however, it has become essential for maintaining financial integrity.
Basic checks and balances are a bit more difficult with smaller organizations, because there may not be enough employees to properly divide the duties. But with the right processes in place (and the help of an independent bookkeeping or CPA firm, if needed), this can be done.
Make sure these policies and procedures are made public to all employees. When employees realize that checks and balances are in place, it will discourage fraudulent behavior. There should also be a procedure in place whereby an employee may report suspicious behavior to management without fear of reprisal. For instance, if a senior partner includes a questionable expense item on his/her expense report, an employee should feel comfortable taking the issue to management.
Many states have employee protections which make it illegal for a company to penalize an employee for reporting suspected inappropriate behavior. For example, in my home state of New Jersey, companies have to be compliant with the Whistle Blower’s Act which makes it unlawful for a public or private employer to discharge, suspend, demote or take other retaliatory actions against an employee who refuses to participate in unlawful or unethical activity or discloses unlawful activity to a supervisor or government agency.
Even if your firm isn’t regulated by a similar state statute, it would make sense to implement such a firm policy. Establish a committee that includes people of various disciplines. Employees should be encouraged to report any suspected workplace or professional misconduct to a committee member confidentially.
When team members are aware of approved protocol and that proper procedures are being implemented, they are less likely to make poor decisions or attempt any type of fraud.
All employees and owners are entitled to their privacy. However, certain behaviors may raise a red flag. For instance, if an employee never takes a week of Paid Time Off and only takes days at a time. Historically, banks have been known to require employees to take two-week vacation blocks once a year.
Be mindful if an employee or partner applies for a home equity loan, requests a loan from his/her 401K or a hardship withdrawal, or has his/her salary garnished for whatever reason. None of these occurrences alone are cause for concern, but if combined, there might be an underlying issue that should be addressed. If management is aware of a partner having financial issues, make sure that partner is not a signer on any of the firm’s operating accounts.
Right now, it may be a bit unusual for an employee to report to the office more than necessary. There are processes by which a supervisor can detect if an employee is not working. Alone, these processes do not identify bad behavior, but they can help. For instance, some programs can monitor employee activity and notify a supervisor if an employee is idle. When an employee records time worked and did not work, it is considered stealing from the firm and needs to be properly addressed.
Many employees and business owners are under an extraordinary amount of stress. Human Resources may want to promote addiction and suicide hotlines and the firm’s EAP (Employee Assistance Plan), which is commonly included with the firm’s group health insurance.
Business Partners and Insurance Policies
Management should meet with some of the firm’s more critical business partners such as payroll, accounting, cloud providers and outsourcing providers. If these business partners have access to the firm’s work product, ensure that these entities are properly insured, and that any outsourced employees are aware of the firm’s policies. Ask your business partners for a certificate of insurance for their general liability, crime, and cyber liability insurances. With remote work at an all-time high, it is critical that all insurance policies be reviewed.
It’s also critical that firms verify that every business partner is legitimate. An employee can easily set up a bogus vendor and direct payment to his/her bank account. It is also important that owners/management remain engaged with their business partners.
Considering current conditions, firms may accept new clients without due diligence. Client intake procedures should still be thoroughly reviewed to ensure the firm is not engaging with an unworthy client.
It would be prudent to engage with a third party to obtain credit card payments. A firm should never store a client’s credit card number on local devices or servers — there is just too much risk involved.
Client entertainment has to be strictly reviewed. Current tax laws restrict some of this entertainment, but it can still be abused. Many companies in other industries have policies where an employee may not receive more than $75 worth of gifts in any given year. This is a good policy to incorporate in law firms as well.
The objective with the above policies is to promote an honest culture within your firm and deter, rather than catch, bad or fraudulent behavior. Again, policies and procedures should be understood by all employees, business partners and clients. When team members are aware of approved protocol and that proper procedures are being implemented, they are less likely to make poor decisions or attempt any type of fraud. Individuals will also be more inclined to notify management of suspicious behavior.
Written by CARET Legal partner, Gail Ruopp. Gail Ruopp has acquired more than 25 years of professional experience in senior law firm management, initiating best practices in administrative operations, including: financials, accounting, lateral recruiting, personnel, day-to-day operations, systems management, and firm marketing.