Deleted Transactions — Hidden Gems

Prosperident’s Wendy Askins, CFE, MBA

Deleted transactions are overlooked and ignored to our detriment. One must purposely seek to find these hidden gems to be worthy of uncovering the dark stories they tell. You will not find them visible on the patients’ ledger in most practice management software; they are only discovered by generating a separate audit log report, adjustment report, or deleted transactions report.

As a Certified Fraud Examiner, I attest to the immense value of scrutinizing deleted transactions and begin every investigation with a specialized in-depth process of review. The majority of confirmed embezzlement cases hide theft patterns in transactions that are intentionally deleted.

Confirmed embezzlement cases have suspicious deleted transactions, but, not every deleted transaction is suspicious. For example, if a retainer charge and cash payment are recorded, then both transactions are deleted without the application of a correcting transaction, the sequence likely occurred due to theft. On the other hand, if a retainer charge transaction is recorded, then deleted and reposted for the corrected amount with a cash payment amount matching the sequence likely occurred due to human error in the original retainer charge amount.

Deleted transactions conducted in an attempt to correct an error can also tell a story of an employee that needs additional training, financial policies that need revision, areas in need of improved communication, or software in need of greater customization. For example, if Olivia Office Manager continually posts insurance digital credit cards as EFT payments, then deletes the EFT payment and reposts as a credit card payment…it’s a sign that Olivia Office Manager needs more training in the differences between the two payment methods and how the error could impact the reconciliation process.

The Prosperident recommendation is to print the deleted transactions report personally (sometimes called voided, reversed, or error transactions) and review the transactions monthly. There will be a large volume of transactions contained in the report; I recommend focusing on the deleted cash payments. Identify a specific deleted cash payment then review the patient’s ledger to determine if the payment was reposted with corrections:

Fraud detection is a highly specialized skill, and there are some theft modalities which leave no trace evidence in the practice management system, such as skimming. Following the above guidelines could give the business owner advantage to uncovering embezzlement.

If you suspect embezzlement is occurring in your practice, please seek advice from individuals who specialize in financial crimes committed against orthodontic specialists. Prosperident is here to help!

Daily Balancing – the Right Way

David Harris

Everyone knows that daily balancing is a key safeguard for your practice’s finances, but there is very little information available to a dentist on how to do it properly. So here’s a recipe:

  1. Which reports should be looked at? Most software can produce a lot of different reports. Most software has a report specifically designed for day-end review. It may be called a “daily summary”, “day-end report” or “daysheet”, or it may have a different name in your software. For purposes of this discussion, I will refer to it as the “daysheet”. The daysheet will normally show procedures performed, fees associated with the procedures, payments received and adjustments made, as well as any deletions or corrections that were made. Normally at the bottom of the report are totals for each of these activities, plus a breakdown of the payments received by type (cash, check, credit card payment, third party deposit, etc). Most daysheets also show your accounts receivable balance at the beginning of the day, and the balance at the end of the day. If the daysheet from your practice management software is missing some of this information, you will need to print additional reports to ensure that you have everything listed in this paragraph.
  2. There are reports that will isolate any one of these items in a single report. For example, most software will generate an adjustments report that only lists adjustments, or a production report that isolates procedures performed and fees billed. These reports have their uses, and allow you to review a specific type of transaction. However, for the day-end review that you are performing, I recommend that you to look at the daysheet, which allows you to see all of the activities undertaken for each patient today in a single report. So for a patient who visited the practice for treatment, you can see what was billed, what was paid, and any adjustments or modifications that were made. This is preferable to, for example, looking at today’s adjustments on a separate report, which means that you will not have the context for the adjustments made. Put another way, a $200 adjustment on $1,600 of treatment means something quite different from the same $200 adjustment applied to a $250 treatment, and looking at an adjustments report simply will not give you that context, without cross referencing to other reports. The daysheet, if generated with the proper settings, will allow you to have all of the information needed for your daily review in a single report.
  3. The daysheet and other reports from your practice management software used in this process need to be printed by you, your spouse, or an external person like a bookkeeper or accountant. You should never rely on a staff member to generate the reports used for reconciliation, because doing so opens the possibility of “selective reporting” where certain activities are excluded from the report. If this is done, you will think that report you are using summarizes the entire practice, when it does not.
  4. I love the approach taken by a friend of mine, Sandy Baird, who is a practice management consultant based in Tennessee. Sandy says that the day-end routine needs to be a team concept, and that team members other than the practice owner also have roles. For example, Sandy suggests that each associated dentist, assistant and hygienist needs to print a production report for their own activities, compare it with their schedule and ensure that correct fees and procedures were applied, and that work performed was coded to the correct provider. This is not a substitute for the owner’s review of the practice, but increases the chances of finding inaccuracies.
  5. You need to review day-end reports personally. This review should not be delegated to anyone, although as mentioned in the previous paragraph, your review should be supplemented by the reviews carried on by individual billers of their own activities. You are the only person who has a chance of spotting a discrepancy between what was done and what was billed for work that you performed, plus you, as practice owner must use this chance to look at the overall activities of the practice. Month-end reviews are also important, but there is no substitute for reviewing a day while what took place is still fresh in your mind.
  6. A delayed review of a day is close to useless. Your ability to find an error or unusual transaction degrades considerably with even a 24 hour delay in performing the review, and looking at last Thursday’s report on Monday afternoon represents a lost opportunity to find inaccuracies.
  7. When reviewing the day-end report, there are several things you should scrutinize:
    a. Review all fees that were billed for accuracy. Embezzlement is not the only threat to your practice’s revenue; simple clerical mistakes can also be costly. A one-digit error in a procedure code can cost you hundreds of dollars.
    b. Review payments received. One thing to check is to look payments made by patients during the day to ensure that your policies for collecting co-pays are being followed. In other words, if your policy is to collect co-payments (or at least estimates thereof) on walk-out, your daysheet will tell you if team members are following this policy.
    c. Ensure that there was a fee charged for every patient you saw today unless you know that a specific patient was booked for a “no-charge” appointment (an example of a no-charge appointment is a visit within a multi-visit procedure that had a single fee, such as an ortho check if your practice does orthodontic treatment).
    d. Review all adjustments (both debit and credit adjustments) and ensure that you understand the reason for them, and that the adjustments make sense in the context. Substituting an adjustment code for a payment code is one of the most basic methods of concealing theft.
    e. Check the “continuity” of accounts receivable. The “closing” balance of receivables from the last day that your practice was open should be exactly the same as the “opening” receivables balance for today. If these two receivables balances are not identical, it means that there was some activity in your practice management software between the end of your last workday and the beginning of the current one.
    f. An excellent idea is to print “roll-up” reports instead of current day ones from your software. Even though it is commonly called a “daysheet,” this report can cover any period you wish. So if today is Monday, and your office’s last working day was last Thursday, rather than review a Monday daysheet, you should be looking at one that spans the period from the last cutoff on Thursday until the end of today. This will show you any transactions that took place in the three days when the office was closed. Since you are printing the reports yourself, this is not hard to do.
  8. Ensure that all patients are “checked out” in your practice management software. Checking out is the process of closing an appointment in practice management software. Checking out a patient forces the front desk staff to either apply a charge or to record a patient as having had a no-charge appointment. When any patient who had chargeable work done is not checked out, you have lost money.
  9. Many practices do not use adjustment codes properly. Each “reason” for making an adjustment needs to have its own specific code. So each PPO, and every category of other discount (e.g., senior citizen discount, professional courtesy for referral sources, etc.), and every marketing initiative that you undertake, needs its own unique adjustment code. There should be very few “miscellaneous adjustments”, and whenever one is made, staff need to make a detailed explanation in the patient notes. Give some extra attention to any miscellaneous adjustments on your report, and check the notes made to ensure that you agree with the basis for the adjustment, and that it does not fit within one of the defined adjustment categories. And if there are a fair number of miscellaneous adjustments made for more or less the same reason, this is a good time to place a label on that type of situation and create a tailored adjustment code for it.
    Not having (and using!) specific adjustment codes deprives you of information needed to make key decisions about your practice, such as whether you should drop a specific PPO plan, or whether a specific marketing initiative is working. Having only a few adjustment categories (or one generic category that is used for all adjustments, and yes, I have seen this on occasion) also makes it easier to “bury” fraudulent adjustments. Forcing specificity makes inappropriate adjustments much more conspicuous.
    Whatever the cause of an adjustment, it represents money out of your pocket, and for that reason it requires scrutiny comparable to if you were writing a check for the same amount.
  10. There is no particular benefit to having an external party review the daysheet or daily balancing. You should personally verify agreement between practice management software and today’s deposit. It is permissible to outsource the monthly reconciliation that compares a month at once. Reconciling the entire month at once drastically reduces the workload involved for the person performing the reconciliation, because most of the timing differences that have occurred within the month will have worked themselves out, and it is only the ones that straddle the beginning or end of the month that need to be addressed. This monthly reconciliation provides a “double-check” on the daily work that you are doing.
  11. The “timing differences” discussed earlier in this chapter create challenges in balancing and reconciliation. Situations where collections are recorded earlier or later in your practice management software than when they are received by your bank mean that it is often impossible to know by closing time today whether today is properly balanced. When a patient pays today by credit card, it will be several days before that payment can be confirmed
    Conversely, payments deposited by insurance companies directly in your bank account normally appear in your account a couple of days before you receive the Explanation of Benefits from that insurance company.
    Timing differences complicated the balancing (done by staff) and reconciliation (done by you, your spouse, or an outside party) processes, because they require keeping track of “held over” items for a few days until the other part of the transaction can be verified.
    For timing differences, online banking is a must to allow you to confirm that the correct amounts were deposited. This adjustment is easy for amounts that appear in the bank before they are recorded in your practice management software. However, for amounts with the deferred receipt, confirmation that these amounts were correctly received needs to wait a few days.
    The result of this timing difference is that “real-time” end-of-day reconciliation is no longer possible, and you need to review balancing a few days after the fact to be able to verify time-lagged credit card deposits. Prosperident has developed a spreadsheet that makes monitoring of deferred and advanced amounts easier. If you are comfortable using spreadsheets, please email us at requests@dentalembezzlement.com, and we will be happy to send you a copy.
  12. In addition to dealing with timing differences, online banking access for the dentist is virtually a necessity for other reasons. Online access allows you to compare your practice management software against what actually appeared in your bank account. Relying on pieces of paper like a bank deposit book (which can be adulterated), and waiting for the bank to send a month-end statement to provide ultimate confirmation of deposits, are not good ideas.

Practice Management Software can Lie

It’s something that we read over and over.  A dentist in a Facebook forum states that embezzlement cannot be happening in his or her practice because they “check their daysheet every single day.”


Broadly, there are two types of embezzlement.  The first takes place when the balancing process (in other words the daily and monthly comparison between software and financial accounts) is unsupervised or incomplete. In this situation, stealing is easy because a thief can enter all payments into the practice management software and then simply “short” the deposit. This leaves patient accounts balances accurate. This is important to prevent patients from complaining about their balances, repeated occurrences of which might get an embezzler caught.

But what if the balancing process is done with integrity, which means that it is complete and supervised? Does this mean that it is impossible to steal? Not by a long shot. It takes a bit more planning than pilfering from the deposit, but it is something that most would-be embezzlers can master.

Success at this kind of theft requires an embezzler to perform what shouldn’t be possible; he or she needs to teach practice management software to lie. This lying normally involves lowering a patient’s receivable balance in a way that does not simultaneously increase the amount that the software believes should be deposited.

There are many options for doing this. They range from the abuse of functions deliberately built into the software for other (legitimate) purposes, to more creative avenues such as exploiting security weaknesses in the software.

It’s tempting to assume that practice management software, which is normally built, at considerable expense, by some pretty smart people, should be hard to outsmart, but we see it happen over and over.

For security reasons, we are not going to outline specific techniques used. If you are a dentist and interested in learning more, feel free to attend one of our doctors-only live presentations or to contact us directly at requests@dentalembezzlement.com

How to Protect Yourself

Here are some steps that practice owners can take to help ensure the integrity of the information in their practice management software:

  1. Print the reports you rely on yourself. Allowing a staff member to generate reports for you creates the potential for selective reporting, where you are seeing less than the full picture
  2. Protect your password. One of the best ways to defeat the security measures built into practice management software is to obtain the practice’s owner’s login information. Your password should never be shared with any staff member, and you need to be obsessive about changing your password regularly (changing it quarterly is the maximum interval that should be permitted). Frequent changes will minimize the damage done from compromise.
  3. While it is important to look at day-end reports, looking at monthly ones is vital. If your review is limited to the days when the office is open, and no monthly verification is done, you open the door to extra activity performed on days when the practice is closed.
  4. On a monthly basis, the following need to be reconciled by you or an outside party such as an external bookkeeper to your practice management software:
    1. The bank account
    2. The merchant account (this is the facility used when patients pay by credit card)
    3. Any third-party financing or payment management company you use (e.g., Care Credit, Lending Club, or Orthobanc).
  5. You need to be aware of “timing differences” where the date when something is recorded by your practice management software is earlier or later than when money reaches your bank account. Credit card payments are an example of timing differences because of the 1-3 day “processing lag” before money reaches your bank account. You need to keep track of these amounts and ensure that they recolcile properly.

The bottom line –nothing will prevent embezzlement. But you can detect it quickly if you approach it the right way.

Embezzlement In Orthodontic Practices – Making Sense of the Mess

Wendy Askins, CFE, MBA

The orthodontic community does not have immunity from embezzlement. Instead, open systems and high levels of delegation create the perfect environment for a would-be embezzler to rob a practice broke.

There are thousands of ways to manipulate transactions for personal gain, and Prosperident continues to uncover new varieties of sophisticated methodologies every month.  Still, there are a few consistencies between confirmed embezzlement cases despite the method or amount stolen; it’s the behavior of thieves.

Embezzlement warning signs:

  •  Alone time
  • Refusal to take a vacation/sick time
  • Territoriality
  • Refusal to cross-train
  • Resistant to outside advisors
  • Conspicuous displays of honesty

The behavior of an embezzler can closely mimic the behavior of a dedicated employee in that they want to control all financial aspects of the practice to “relieve you of the burden.”  You’ll often find that they are deeply embedded in every procedure and with every patient.  That’s why their actions are so financially and emotionally devastating. 

Often the difference can be discerned through the willingness of the employee to be transparent and validation of the offered explanation.  For example, upon transaction inquiry, a dedicated employee, who is proud of their work, will relish the opportunity to prove how hard they are working for you, will be able to provide a prompt and very detailed explanation, with supporting documentation. Personal verification of the dedicated employee’s statements is quick and easy.

The embezzler’s manipulation strategy is to make you question your sanity so that they can gain control over you. An embezzler will often delay having to answer questions by utilizing gaslighting statements, such as “why are you wasting your time, let me take care of it” or “you just don’t understand how it works.”  The conversation will leave you feeling as if you are crazy for even asking the question.  Their explanations will be illogical, and most importantly, the transaction cannot be verified.

Prosperident has developed the Embezzlement Risk Assessment Questionnaire, which can help to expose behaviors linked to possible nefarious actions.  The Questionnaire is available for a nominal fee at our web store HERE.

If embezzlement is happening in my practice, my accountant would find it, right?

Probably not.  Picture someone planning on starting a new business saying this to their (less than tactful) accountant:
“George, I have fantastic news.  I’m about to start a new business.  And I’m so excited because I’m planning to have one piece of software keep track of revenue, and a totally different software account for my expenses.  And here is the best part … these two pieces of software won’t ever communicate with each other!”
The accountant’s response would probably be along the lines that this was a monumentally bad idea and would never work.
We can chuckle a bit at this exchange, and yet we just described every dental practice. 

The disconnect between practice management software and the accounting process is one of the major reasons that accountants find less than 10% of the embezzlement that takes place in dental practices.  However, many practitioners still believe that their accountant is a cornerstone of their protection against embezzlement.

The majority of embezzlement in dental practices is actually uncovered by the behavior of the staff member who is stealing. Our Embezzlement Risk Assessment Questionnaire is a low-cost way to evaluate the behavior of your employees. To get yours, click HERE.

I live in California, and I have been told that I can no longer check criminal records when hiring. Is this true?

No. California is one of 13 “Ban the Box” states.  These states have enacted legislation that is designed to prevent people from being unreasonably denied employment because of a criminal record.  Since about one in four US adults have criminal records, re-entry of these people into the workforce is viewed as an important part of their reintegration into society. The inability for people with criminal records to find legitimate work is often cited as a huge factor in recidivism.

The Ban the Box states have enacted rules that require employers to postpone performing criminal records checks, or asking questions like “do you have a criminal record” until after a conditional offer of employment has been extended. If an applicant has been offered employment, and the offer is subsequently withdrawn when a criminal record has been discovered, this places a fairly strong onus on the employer to justify the withdrawal, and the relevance of the criminal record to the job.

In other words, the employer has to be prepared to answer how a criminal record made an otherwise fully qualified applicant (as evidenced by the job offer) unsuitable for the job. By isolating this one factor, the laws seek to prevent peremptory discrimination against those with criminal records, and to stop employers from using some other justification for denying employment to those with criminal records.

Most states with Ban the Box legislation carve out a specific exemption for jobs that work with vulnerable populations such as children and the elderly. Since most dental practices do deal with these vulnerable cohorts, Ban the Box legislation will probably not end up forcing dental practices to hire people that they otherwise would not; instead it provides more of a procedural hurdle, forcing a certain sequencing in the hiring process and necessitating a review of documents like application forms.

And Ban the Box legislation reinforces a concept that we have long espoused. Whether you are in a Ban the Box state or not, the mere existence of a criminal record should not always prevent you from hiring someone. If someone does have a criminal record, you need to look at various factors. For example, was it a one-time transgression, or is there a pattern of criminality? Was the offense recent or a long time ago? Was it for possession of marijuana (which is now legal in many states) or check fraud? The answers to these questions will give insight into whether someone poses a risk to your practice.

So for most dentists, Ban the Box legislation does not threaten them in any way with the possibility of hiring someone who is a danger. What this legislation does is force employers, including you, to look more closely at criminal records before making a decision.

How to Read a Resume Critically

It continues to amaze us that the people who we refer to as “serial embezzlers” continue to find jobs in dental practices. One skill that dentists, and others involved in the hiring process, seem to lack is the ability to read resumes critically.

Here is the 2019 resume of one serial embezzler. She has used different names at various times including Unique Wells and Unique Edmond. She has a lengthy criminal record, and her own page in our Hall of Shame — https://www.prosperident.com/hiring-alert-nevada/ .

Unique-Edmond-Wells-resume-Aug-2019

So let’s take a forensic look at her resume and the attached reference letter. A few things pop out:

  1. Work experience on the resume is limited to two corporately-owned dental practices. Many practice owners do not bother checking references, and thieves know that there is a bit more work involved in obtaining a reference from a large organization like a university or DSO than a solo practice. Embezzlers know that listing large organizations is enough to deter prospective employers from reference checking.
  2. Her statement that she is willing to relocate for a job anywhere in the US is a bit overeager for the dental office manager or financial coordinator jobs that she is applying for.
  3. The “some college” she has listed for education is concerningly vague. Most employers would expect to see which college, years attended, program studied etc. on a resume. It looks like Unique is trying hard to give as little past information as possible.
  4. On the subject of vagueness, Unique lists no home address for herself.
  5. Of course, she is not specific about which Henderson, NV Pacific Dental office she works in. There are actually four offices. She would not want you to call that office only to find out that she does not work there.
  6. We tell practice owners to place no value whatsoever in written job references, because they are easy to forge. There are several clues to that fact that this reference letter is not real.
  7. The reference letter is not on letterhead. Even if it was, that would provide no validation; letterhead is easy to forge. However the fact that this letter is not on letterhead, and is signed using a “script” font from a word processor, creates strong questions about its credibility.
  8. Google searching suggest that the consultant, Kara Stevenson, and her company, do not exist.
  9. The phone number listed for Kara Stevenson was answered by Unique when we called.
  10. When reading the reference letter, one should be wondering in what context a consultant would be in a position to observe Unique’s work when her experience is limited to two DSOs. Most DSOs do not employ in-office consultants.
  11. The lavish praise heaped on Unique seem inconsistent with the insurance coordinator position that she claims to have held for the past nine years. According to the consultant, Unique pretty much walks on water. If she really had the attributes “like an in-house consultant,””110% loyalty” and an “ownership mentality,”and was working for a DSO , and was willing to relocate, Pacific Dental Services (with over 700 offices, and growing by 80 per year) would have certainly promoted her by now, probably more than once.

We recently were provided with another resume that was used by someone using the name Marie Edmond. You may notice that the phone number, and much of the text is identical to that used by Unique.

Marie-Resume-Unique-Wells

Hiring is a challenging process. It is difficult to find the right person, particularly in a booming economy with a labor shortage. In this all-consuming process, it is easy to lose the skepticism that needs to be there. To make a clumsy pun, Unique is not unique. Many resumes have false, misleading or incomplete information. Many applicants have attributes that they do not want you to know about. We can never forget to question the completeness, internal consistency and reasonableness of a resume.

Trust, Then Verify; Systems That Win

The following is an excerpt from David Harris’ upcoming book on protecting yourself from embezzlement. Stay tuned for the book release.

By now you know that embezzlement will eventually strike the majority of practicing dentists, and that amounts stolen can be significant.

There are a couple of things about this crime that surprises most of the dentists with whom I speak. First, when I bring up this topic with a dentist, typically what is in his or her mind is the theft of cash. And while employees who embezzle are thrilled to steal $20 bills, the amount that most practices receive in cash is small and decreasing. For most embezzlers to be able to steal the amounts that they think they should, many will evolve beyond stealing cash into targeting other forms of wealth transfer.

Cashing checks payable to you or the practice, hijacking credit card payments made to the practice, and intercepting direct deposits from insurance companies are all possibilities, and within the grasp of most thieves. The increasing level of automation in the banking system, and other technological innovations like e-deposits and devices that allow a smartphone to accept credit card payments, all play squarely into the hands of embezzlers.

The second area of surprise for most dentists is the interactive nature of this crime, and the ability of embezzlers to evaluate the systems in place in a particular office and to determine how to overcome or bypass those systems.

Many dentists start with an oversimplified view of embezzlement. They believe, and this belief has been reinforced by some of the dental literature, that blocking specific methodologies of embezzlement is the key to protecting yourself. So, for example, the practice owner should make bank deposits personally because doing so will thwart a would-be thief from stealing money from the deposit.

Someone in this situation who wants to steal will adapt, and the most common adaptation would be to find a way to have the practice management software underreport the amount received by the practice. Many practice owners believe that what is reported by their practice management software must be accurate, and this is not necessarily true.

There are lots of potential options for an embezzler; over the years I have seen hundreds of different methodologies employed, and ultimately this is what dooms the “denial of opportunity” strategies – embezzlers have too many possibilities for you ever to block them all.

So if the options available to a thief exceed your ability to block them, is this problem hopeless? Not at all; we need to shift our focus from blocking specific embezzlement methodologies to something more broad-minded.

Embezzlement consists of two elements – the act of stealing, which happens quickly and at the time and place chosen by the thief, and the act of concealment. Because of its fleeting nature, stealing is rarely observed by a dentist. However, concealment tends to be permanent, and therefore far easier to find.

The other “observable” is the behavior of a thief. In a study done by the American Dental Association, embezzlement victims were surveyed to determine what led them to realize that they were being stolen from. More than two-thirds of the victims who were surveyed said that some element of the thief’s behavior was the cause of their awakening.

The following series of steps are designed to maximize your chances of finding concealments and the behavioral indicia of embezzlement.

  1. The daily and monthly reports from your practice management software that you review should be ones that you have printed yourself. Allowing a staff member to generate reports for you created the possibility of “selective reporting, where you are looking at a subset of the practice’s transactions while believing that you are seeing the whole practice. Once you have reviewed a report, put your initials on it to confirm that it is the one you saw, and store it under lock and key for at least a year.
  2. The day-end reports from your software need to total accurately to the month-end report. Checking that these reports agree will allow you to detect if someone is processing payments on a day when the office is closed.
  3. Every month, review the “deleted transactions” report and the “modified transactions” report, which may have slightly different names depending on the practice management software that you use. Deleted and modified transactions deserve particular scrutiny for irregularities.
  4. Have all statements that you receive by mail such as your bank statement, credit card statements for office credit cards, merchant terminal statement (from the machine in the office that accepts credits card payments) sent to your home instead of your office. Let’s ensure that you see these first, and create a level of mystery about what you do with them.
  5. Review the Accounts Receivable report, and when printing it, ask your software to print a report without credit balances. Sometimes embezzlers use “phantom” credit balances to conceal some balances owing by patients that represent amounts that the patients have actually paid, and a thief has pocketed.
  6. On a monthly basis, reconcile the following to the totals in your practice management software:
    a. Bank account deposits including both those made by the practice and automatic payments from credit card companies.
    b. Credit card payments received
    c. Amounts placed with third-party financing and amounts paid to the practice from third-party financing
    If doing these reconciliations isn’t something you enjoy or are good at, it is permissible to outsource them to an external bookkeeper or an accounting firm. These reconciliations should never be done by someone working in the office or with access to your practice management software.
  7. Ensure that every staff member takes vacation each year, and ensure that the majority of it is taken together. Every staff member needs to be away from the practice for at least two consecutive weeks each year. If someone is embezzling, making them leave the practice for long enough that someone else has to cover for them provides one of the best opportunities for you to catch them.
  8. Where possible, divide up front desk duties so that the same person does not receive payments, record them in your practice management software and deposit them.
  9. Have a written anti-fraud policy that clearly spells out what is fraudulent conduct.
  10. Insist on cross-training of staff so that there is someone who can provide backup for every function performed by your front desk.

These ten steps will not take a lot of your time, but will dramatically increase your chances of spotting embezzlement in your practice quickly.

Why do people steal?

One of the most frequent comments we hear once the identity of an embezzler is confirmed is that he or she is “the last person I could imagine stealing”. Their surprise is understandable. We all have preconceptions about how criminals look, dress, speak, and act. Our mental image of the criminal is shaped by what we see on the news, TV dramas and by direct observation in our own communities.

Embezzlers will never fit this stereotype; many of them remind me of Sunday school teachers (which, in fact, some of them are). The explanation for why embezzlers do not fit the preconception is simple – you would never hire someone who looks your image of a criminal. So as an employer, you have already eliminated certain people because they haven’t passed your personal “smell test”, whereas everyone you hire has.

Criminologist Donald Cressey probably had the greatest influence on the development of our current understanding of economic crime. In his landmark 1973 book Other People’s Money, he proposed a framework called the Fraud Triangle. Cressey theorized that there were three necessary preconditions for fraud — Pressure, Opportunity and Rationalization.


Donald Cressey’s Fraud Triangle

Pressure
Pressure can be either financial or emotional, and we sometimes label embezzlers with these characteristics as “Needy” and “Greedy” respectively.
Needy embezzlers steal to address a financial need; some event has created a financial imbalance where more money is being spent by their household than what is being earned, and this deficiency has threatened their ability to keep themselves afloat. They steal to fund necessities like rent and mortgage payments. There are many possible triggering events. Some common ones are divorce, a spouse losing his or her job or an addiction of some kind.

In contrast, Greedy thieves steal to address an emotional deficit. In many cases, they feel that society (represented by you, their employer) has failed to recognize the true value of their talents, and they steal to address this perceived inequity (and to prove how truly smart they are). They may, perhaps even with justification, look at you as an intellectual peer. They conveniently forget the outlay you made to acquire your education and the financial and emotional burdens of practice ownership, and in their simplified worldview it seems unfair that you earn ten or twenty time what they do. Most of your staff, including any embezzlers you might be harboring, chronically overestimate what you take home. This overestimation increases the embezzler’s perception of inequity.

There are also those who derive emotional pleasure from the act of successfully taking a risk; they are somewhat analogous to the “celebrity shoplifters” we occasionally hear about. A spectacular example of this is one embezzler who we investigated who had been stealing from her doctor for several years when she won a $3 million lottery prize. If most dental staff staff members had that kind of lotto winning, they would probably quit their job, and on the way out the door would tell the doctor what they really thought of him or her.

This embezzler did not quit her job; she kept working. She also continued stealing and here is the interesting part. After her big win the amount she was stealing monthly increased. Since she clearly did not need the money that she was stealing, at that point her stealing was to address an emotional deficit and not a financial one.

One of the differentiating characteristics of Greedy thieves is how they spend their money. Needy thieves steal to protect their basic standard of living, but Greedy thieves spend conspicuously, and normally on luxury items that would otherwise be unaffordable; we have seen $140,000 automobiles, yachts and in one notable case the chartering of a plane to take friends on a shopping trip. The “egotistical” spending that we often see reinforces the view that the Greedy are stealing to address a self-esteem deficit.

A question I am often asked is whether embezzlement is more common when the economy is booming or in recession. Economic conditions affect our two cohorts differently. Tough times create more situations of financial desperation, and therefore more Needy thieves. When the economy is doing well, the perception that their friends are getting ahead more quickly than they are motivates some people to join the ranks of the Greedy.
Embezzlement could take place at any point in a dentist’s career. An employee’s decision to become dishonest actually has relatively little to do with you, and is far more related to their own needs and wants. I would describe someone’s decision to start embezzling as a statistical “random walk”.

While there is no correlation between the existence of embezzlement and career stage, my view is that dentists who are in the first five or last five years of their careers are likely to take longer to realize that they have a problem than mid-career dentists. I think that in the case of new dentists, their inexperience in business, plus often trying to juggle their practices, the effort needed to build their clinical skills, and often raising young families at the same time. The dentists in the twilight of their careers are (hopefully) financially comfortable and probably are not watching the pennies as closely as they once did. Also, many senior dentists who started practicing before practices were computerized have never become conversant with their practice management software, and that puts them at a marked disadvantage when it comes to detecting embezzlement.

What isn’t often understood is how powerful the motivation to steal is, and how the combination of determination, cleverness, and knowledge of how your office operates creates a climate where embezzlement can be successfully carried out, at least for a time.

Rationalization
In addition to feeling some form of pressure, an embezzler needs to decide that stealing from you is an acceptable way to address the pressure that they are facing.

We are all taught from an early age that taking other people’s things is wrong, and every embezzler must get to the point where they can tell themselves that “it is ok to break that basic rule because…”
I often explain rationalization as an ethical “bar” that a thief must be able to jump over before stealing. This bar has different heights for different people, and various factors can have the effect of lowering the bar.

Sometimes (probably without realizing it) the actions of the dentist may have the effect of lowering the bar for someone in their office. For example, if staff members see you cutting ethical corners or cheating on your income taxes, or if you do something that a staff member interprets as rubbing your relative affluence in their face, you are making it much easier for them to justify stealing from you.

I remember a doctor taking his entire team to a conference in an exotic location – great idea, except that the doctor purchased plane tickets in First Class for himself and his wife, while the rest of the team were crammed into Coach seats on the same plane. Another doctor used to regularly complain to staff about how expensive repairs to his Mercedes were; you can imagine the animosity this caused since the car cost more than the annual salary of any member of his staff.
At a minimum, this kind of behavior shows the doctor to be insensitive; it can also provide the would-be embezzler with sufficient rationalization to start stealing.

Other rationalizations that I have heard are that “the doctor would only waste the money anyway” or that the doctor is greedy or exploits patients or insurance companies.

Opportunity
The final precondition for embezzlement is opportunity, and opportunity exists in every practice.

The biggest misconception I encounter, and I think a major enabling factor for embezzlement, is the belief that policies, procedures and “checks and balances” can prevent, or reduce the likelihood of embezzlement. Unfortunately, this misunderstanding afflicts not only practicing dentists, but also the large community of those advising dentists.

To be clear, the misunderstanding is an honest one; most of us understand other types of crime better than embezzlement, and there is a tendency to assume that what is effective in controlling other criminal activity will also control embezzlement.

Most people understand that a burglar alarm installed in a house or business dramatically reduces the chance of burglary. Locking your car’s doors decreases the probability that your car’s contents will be stolen. We assume that the same approach (i.e., increasing the perceived difficulty of stealing) will reduce the likelihood of being embezzled, and that is where we have misapplied the analogy.

The difference between burglary and embezzlement is that it is quite easy for a burglar to switch victims. If a burglar is standing on your doorstep with the plan to rob your house, a burglar alarm sticker or loudly barking Doberman will cause them to reconsider. But what happens from their reconsideration? They do not abandon their plan to steal; instead they modify it. So if your neighbor’s house looks less protected, the burglar simply robs your neighbor instead. So all of your control measures did not convert a would-be thief into a law abiding citizen; instead they caused adaptation.

But here is where analogizing to burglary reaches its limit – for a burglar, changing victims is an easy adaptation. I simply walk a few yards down the street to find an easier victim. In contrast, changing victims is a major undertaking for a would-be embezzler; they would need to quit their current job and find a new one, preferably with a doctor who they have assessed and determined to be an easy mark. Then, the thief would need to spend sufficient time in the new practice to understand the controls in place well enough, and build sufficient trust with the doctor, to steal. Thieves simply aren’t that patient, and a much easier adaptation is to keep working for you and find a different way to steal.

Put another way, what embezzlers can control, and therefore what you can influence, is not their choice of victim; it is their choice of methodology. If you block an embezzler’s first idea for stealing from you, they will move on to their second, third or twelfth choice until they find something that works. And with dental offices being highly porous in this respect, thieves have lots of options.

Relating this back to Cressey’s Fraud Triangle, I view Opportunity as a binary factor – it either exists or it doesn’t. For embezzlement, more opportunity does not correlate with increased probably of embezzlement, and reducing (but not eliminating) opportunity does not decrease the likelihood. Let’s assume that you have a motivated thief in your office who knows you well – what are the chances that they will be unable to find some method of going through or around your controls? Sadly, their chance is excellent.

“My Day-end Report Balances to my Deposit, so I Must Be Safe From Embezzlement”

We hear this a lot.  At the core of your practice management software is a concept called “double-entry accounting.”  This means that a transaction mandatorily affects two different “accounts” maintained by your software. 

So, for example, entering a dental procedure increases both your “charges” and the receivable due from that patient.  Entering a payment decreases the patient’s receivable balance and adds to “collections.”

In a perfect world, stealing money would cause one of two issues; either the day-end report would not balance to the bank deposit if the amount stolen had first been entered as a payment in the practice management software. On the other hand, if the amount received was stolen without anything being entered into the practice’s practice management software. the software would show some unfortunate patient having a balance that is higher than what it is supposed to be.

Many dentists believe that the existence of this double-entry accounting will prevent would-be thieves from successfully stealing from the practice.

There are a couple of flaws in that logic. First, many dentists do not thoroughly check reports from their practice management software against the bank deposit. It isn’t sufficient to limit the review to the amount of cash and checks being taken to the bank; the practice owner must also verify deposits made directly by third parties, such as credit card payments and “ACH” (automated clearing house) deposits made by some insurance companies and other third parties like patient financing companies. A complicating factor is that there is often a timing difference — if a patient pays by credit card today, the practice management software treats this payment as being received today, although there is typically a delay of a couple of days before this payment is deposited to the practice’s bank account.

So if the practice owner is not verifying deposits or is doing an incomplete verification, a thief may not be required to display any artistry — they simply create an out-of-balance situation in the knowledge that the doctor will not find it.

If the day-end routing is done properly by the practice owner, a thief must become more creative. There are a number of methods of generating “fake news” where so that the reports produced by the practice management software are inaccurate, so that the day-end appears to balance while at the same time patient account balances are accurate. This is common, and something that we see almost daily.

Because we do not want to add to the tool kits of any embezzlers who happen to be reading this article, we are not going to enumerate the methods of “cooking the books” here; however a dentist with concerns or questions is welcome to contact us for a private discussion.