Trust, Then Verify; Systems That Win

The following is an excerpt from David Harris’ upcoming book on protecting yourself from embezzlement. Stay tuned for the book release.

By now you know that embezzlement will eventually strike the majority of practicing dentists, and that amounts stolen can be significant.

There are a couple of things about this crime that surprises most of the dentists with whom I speak. First, when I bring up this topic with a dentist, typically what is in his or her mind is the theft of cash. And while employees who embezzle are thrilled to steal $20 bills, the amount that most practices receive in cash is small and decreasing. For most embezzlers to be able to steal the amounts that they think they should, many will evolve beyond stealing cash into targeting other forms of wealth transfer.

Cashing checks payable to you or the practice, hijacking credit card payments made to the practice, and intercepting direct deposits from insurance companies are all possibilities, and within the grasp of most thieves. The increasing level of automation in the banking system, and other technological innovations like e-deposits and devices that allow a smartphone to accept credit card payments, all play squarely into the hands of embezzlers.

The second area of surprise for most dentists is the interactive nature of this crime, and the ability of embezzlers to evaluate the systems in place in a particular office and to determine how to overcome or bypass those systems.

Many dentists start with an oversimplified view of embezzlement. They believe, and this belief has been reinforced by some of the dental literature, that blocking specific methodologies of embezzlement is the key to protecting yourself. So, for example, the practice owner should make bank deposits personally because doing so will thwart a would-be thief from stealing money from the deposit.

Someone in this situation who wants to steal will adapt, and the most common adaptation would be to find a way to have the practice management software underreport the amount received by the practice. Many practice owners believe that what is reported by their practice management software must be accurate, and this is not necessarily true.

There are lots of potential options for an embezzler; over the years I have seen hundreds of different methodologies employed, and ultimately this is what dooms the “denial of opportunity” strategies – embezzlers have too many possibilities for you ever to block them all.

So if the options available to a thief exceed your ability to block them, is this problem hopeless? Not at all; we need to shift our focus from blocking specific embezzlement methodologies to something more broad-minded.

Embezzlement consists of two elements – the act of stealing, which happens quickly and at the time and place chosen by the thief, and the act of concealment. Because of its fleeting nature, stealing is rarely observed by a dentist. However, concealment tends to be permanent, and therefore far easier to find.

The other “observable” is the behavior of a thief. In a study done by the American Dental Association, embezzlement victims were surveyed to determine what led them to realize that they were being stolen from. More than two-thirds of the victims who were surveyed said that some element of the thief’s behavior was the cause of their awakening.

The following series of steps are designed to maximize your chances of finding concealments and the behavioral indicia of embezzlement.

  1. The daily and monthly reports from your practice management software that you review should be ones that you have printed yourself. Allowing a staff member to generate reports for you created the possibility of “selective reporting, where you are looking at a subset of the practice’s transactions while believing that you are seeing the whole practice. Once you have reviewed a report, put your initials on it to confirm that it is the one you saw, and store it under lock and key for at least a year.
  2. The day-end reports from your software need to total accurately to the month-end report. Checking that these reports agree will allow you to detect if someone is processing payments on a day when the office is closed.
  3. Every month, review the “deleted transactions” report and the “modified transactions” report, which may have slightly different names depending on the practice management software that you use. Deleted and modified transactions deserve particular scrutiny for irregularities.
  4. Have all statements that you receive by mail such as your bank statement, credit card statements for office credit cards, merchant terminal statement (from the machine in the office that accepts credits card payments) sent to your home instead of your office. Let’s ensure that you see these first, and create a level of mystery about what you do with them.
  5. Review the Accounts Receivable report, and when printing it, ask your software to print a report without credit balances. Sometimes embezzlers use “phantom” credit balances to conceal some balances owing by patients that represent amounts that the patients have actually paid, and a thief has pocketed.
  6. On a monthly basis, reconcile the following to the totals in your practice management software:
    a. Bank account deposits including both those made by the practice and automatic payments from credit card companies.
    b. Credit card payments received
    c. Amounts placed with third-party financing and amounts paid to the practice from third-party financing
    If doing these reconciliations isn’t something you enjoy or are good at, it is permissible to outsource them to an external bookkeeper or an accounting firm. These reconciliations should never be done by someone working in the office or with access to your practice management software.
  7. Ensure that every staff member takes vacation each year, and ensure that the majority of it is taken together. Every staff member needs to be away from the practice for at least two consecutive weeks each year. If someone is embezzling, making them leave the practice for long enough that someone else has to cover for them provides one of the best opportunities for you to catch them.
  8. Where possible, divide up front desk duties so that the same person does not receive payments, record them in your practice management software and deposit them.
  9. Have a written anti-fraud policy that clearly spells out what is fraudulent conduct.
  10. Insist on cross-training of staff so that there is someone who can provide backup for every function performed by your front desk.

These ten steps will not take a lot of your time, but will dramatically increase your chances of spotting embezzlement in your practice quickly.