Fraud in General Practice – How to Keep Your Practice Secure
25.06.2018 , BY Laurence Slavin
25.06.2018 , BY Laurence Slavin
Fortunately, fraud in general practice is rare but, in recent months, we have seen an increase in behaviour resulting in a loss to the practice. In some cases, whether the action is fraud or not is a matter of perception. The perpetrator may see the action as perfectly reasonable, whilst the employer may take a very different view and of course, some cases are more serious than others.
Very recently, at a meeting with a practice to discuss the accounts, the amounts spent on staff welfare seemed disproportionately large. A quick review of the items showed a number of charges to a well-known department store which could not be explained. The member of staff who made the payments admitted they were personal and is no longer working in the practice.
One of the factors that made this easier to spot was a consequence of the practice moving to a cloud-based accounting system that made it easy for users to see what is going on and the audit trail built into the program made it difficult to hide such transactions.
The lesson here is to be vigilant and to use accounting software that helps. With the move to Making Tax Digital for some practices in less than a year, now is a good time to review your accounting system.
In the last few months, we have come across two practices where the salary bill has increased significantly for no apparent reason. On closer investigation, it turns out that the Practice Manager had paid themselves significant amounts of overtime without it being authorised by any of the partners. This is probably not uncommon and the Practice Manager may well be working longer hours but, unless the overtime is authorised, the risk exists that the payment of overtime could be exploited.
The lesson here is that all overtime must be subject to approval in the practice.
Some fraud is more overt and significant. We came across a practice which received an unexpected refund from the NHS of more than £100k, which, in fact, was a mistake. The Practice Manager then made a series of payments out of the practice for the same £100k to himself but showed this in the accounts as payments for locums. Since the bank balance was unaffected by these in and out transactions, this did not draw anyone’s attention but, of course, came to light when NHSE asked for the £100k back.
The lesson here is that this is not so easy to spot unless someone is regularly looking at the accounts. Modern cloud-based accounting systems download the bank transactions directly into the practice’s accounting system, so there is not the same opportunity to change the names of the recipients.
In one of the major frauds we came across, the Practice Manager employed members of her family in the practice without the consent or approval of the partners and paid all of them a high salary with significant amounts of overtime. At the annual accounts meeting, we questioned the fact that the key performance ratio of staff to core income was excessive, but the Practice Manager always had an answer which the partners felt was acceptable.
The lesson here (and one we learned too) is that the payroll records should be looked at regularly. This will identify excessive expenditure for certain individuals and will also detail all the employees on the practice’s payroll and the payroll summaries should agree to the payments out of the bank.
One point worth making here is that, while the practice’s accountant might be able to help in spotting areas that look unusual, it is not their responsibility to identify fraud - that rests with the practice. The accountants will spend a few weeks working on the records to complete the accounts, but the practice will need to have systems in place to reduce the possibility of fraud.
It is worth making the point that fraud may not always be committed by the staff, but by the partners themselves! Some time ago now, a partner made payments out of the practice ostensibly to suppliers (drug companies and utilities), but actually made the payments to himself. This got spotted after the accounts meeting, when the high expenditure on certain items was identified.
The lesson here is that, for large payments, there should be more than one signature to approve payments and again, using cloud-based software with a direct bank feed, there is less opportunity to alter the recipient.