Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Law firm leaders plan and budget every year to identify strategies to improve their bottom-line net income by increasing revenues and reducing expenses. They also evaluate various business risks and consider which measures are necessary to mitigate potential losses. Some of these protective measures are malpractice insurance, business interruption insurance, and disaster recovery plans. An additional business risk that requires management attention is the risk of fraud. The Association of Certified Fraud Examiners estimated in 2002 that occupational fraud and abuse cost U.S. organizations more than $600 billion (6 percent of revenues) annually. Taking strong protective measures against fraud will reduce your exposure to losses from theft or misappropriation and improve your bottom-line net income. In response to reports of corporate fraud, the American Institute of Certified Public Accountants (AICPA) issued a new audit standard effective for all financial statement audits with a period beginning after Dec. 15, 2002. This new standard, “SAS 99, Consideration of Fraud in a Financial Statement Audit,” requires auditors to assess the risk of material misstatement in financial statements due to fraud. Accordingly, financial statement audits will include additional procedures designed to consider the risk of fraud. Generally, however, only large law firms have their financial statements audited each year, and an audit, even under the new standards, cannot be relied upon for prevention or detection of fraud. Consequently, it is critical for management to recognize the risks of fraud and to implement anti-fraud programs and controls. MISAPPROPRIATION OF ASSETS As noted in SAS 99, fraud can range from minor employee theft and unproductive behavior to misappropriation of assets and fraudulent financial reporting. For publicly held companies, fraudulent financial reporting is a significant issue and public embarrassment. For law firms, which are closely held businesses owned by a relatively small number of owners, fraudulent financial reporting is usually not as significant a business risk as misappropriation of assets. Therefore, management’s primary concern should be the prevention, deterrence, and detection of asset misappropriation. Some examples of the misappropriation of assets in law firms: • A paralegal assistant with late-night access to partner offices stole personal checks and implemented a scheme to deposit fraudulent checks into a bank account opened for his personal benefit. • A payroll manager created fictitious employees and made direct deposits into personal accounts that he controlled. This fraud was reported to have cost the law firm $7 million over many years. • A secretary filed fraudulent travel advances presumably related to partner work for a client, intercepted the travel reimbursement check for the partner, and forged the partner’s endorsement on the check. • A law firm administrator created a phony supply company, approved fraudulent invoices, and prepared checks that were mailed to an address the administrator controlled. • An associate submitted fraudulent expense reimbursements for meals and other entertainment expenses that had not been incurred. • A petty cashier used petty cash funds as a personal bank account, drawing funds and submitting fraudulent reimbursement requests to replenish the funds. In order to reduce the risk of fraud in any organization, it is very important for management to set the appropriate tone at the top of the organization. Management must communicate and support a culture of honesty and ethical behavior. Rest assured that when management tolerates unethical behavior that might have a short-term benefit to the business, it also creates an atmosphere in which employees may rationalize their own unethical behavior. It has been said that “good controls keep honest people honest.” So, along with setting the appropriate tone, management must implement appropriate internal controls designed to prevent opportunities for fraudulent behavior. PREVENTIVE CONTROLS Because law firms are such demanding employers, they are also usually very supportive of employees, providing generous fringe benefits and a collegial culture. In this environment, management often assumes that the trust earned by an employee reduces the need for necessary internal controls. In fact, a common factor in each of the fraud examples noted above is that the law firms came to trust their employees too much. Preventive controls should be implemented in every instance involving a potential check or wire transfer disbursement and any contact with a cash receipt. These controls should include segregating duties related to these transactions to ensure that no single employee can authorize, execute, and record the related transaction. If you fail to segregate these types of duties between at least two employees, you are gambling on the trust of one employee � with the stakes being your law firm’s assets. In smaller law firms, preventive controls may require that a partner approve and sign checks and review deposits. A partner may also be involved in detective controls, such as opening bank statements, examining bank statements, and reviewing canceled checks. For larger law firms with multiple accounting and management personnel, these duties can be assigned to other employees, without partner involvement. Law firm management needs to evaluate the firm’s vulnerability to fraud wherever a significant dollar loss could occur. Some of the most likely areas are: Billing. If partners defer substantial billing approval responsibilities to their (understandably) trusted secretaries, the risk of a secretary submitting fraudulent client expenses will increase. If a partner compensation structure penalizes write- offs, but ignores the aging of work in process, a partner may have a built-in personal incentive to avoid writing off worthless work in process. Payroll. Payroll is a meticulous and detailed series of transactions that can often be efficiently performed by one trusted employee, but payroll is the most significant expense for any firm. As a law firm grows, and particularly as branch offices are opened, the potential for fictitious employees and unauthorized raises also grows. Although efficiency is an important consideration in any accounting process, it is especially critical to reduce the risk of fraud in the payroll process by segregating duties and having supervisory oversight. Disbursement. During an internal control review performed for a law firm a few years ago, we were surprised to learn that while procedures required all checks prepared for signature to be accompanied by an original supporting invoice, along with documentation that confirmed the service or product had been received, the controller regularly signed the checks without reviewing the supporting documentation. In this situation, it would not take long for a dishonest accounting clerk to determine that he or she could submit fraudulent payment information with little risk of prompt detection. The controller should always review supporting documentation and the amounts and payees to a check before signing it, and should periodically question the accounting clerk about invoices, in order to establish an environment where oversight is expected. Client escrow funds. Transactions from client escrow accounts can sometimes escape normal accounting processes with only limited oversight by an accounting clerk and attorney. Management should ensure that procedures for the authorization and execution of transactions in client escrow funds are also subject to appropriate internal controls. DETECTIVE CONTROLS When it comes to fighting fraud, the first steps are establishing a culture of ethical behavior, evaluating the vulnerability of your firm, and addressing those risks with sufficient internal controls. Along with these preventive efforts, SAS 99 encourages management to communicate its commitment to deter fraud by terminating violators and referring fraudulent behavior to the appropriate authorities. Management must also communicate that it is committed to detecting fraud by adopting detective controls, including the preparation of bank reconciliations and the investigation of any questionable transactions. Also valuable as a detective control is a process whereby employees can report on a confidential basis behavior suspected of violating firm policies. In most of the press stories of corporate unethical and fraudulent behavior, someone in the organization said they noticed some kind of unusual behavior, but no one asked them specifically about it. So they didn’t say anything. Law firms, like any other business, need to encourage employees to report suspicious behavior and to report when another employee appears to be living far beyond their means. Employees need to have confidence that they will not be penalized for helping to maintain the ethical culture that is critical for mitigating fraud risks. As law firms contemplate 2004 action plans designed to increase revenues and reduce expenses in order to improve their bottom-line net income, we strongly recommend investing in the prevention, deterrence, and detection of fraud. If even 1 percent of your revenues are at risk due to fraud, it is well worth the effort to manage this risk. John T. Niehoff, CPA, is a partner in the Law Firm Services Group of Beers & Cutler, specializing in audit, tax and business consulting services to law firms. He can be reached at [email protected] or at (202) 449-4224.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.