Skip to content Skip to navigation

Is Your Business Office at Risk for Fraud?

September 1, 2006
by root
| Reprints
Five common fraudulent practices and ways to avoid them by Kylie Waters Whipple, CPA
BY KYLIE WATERS WHIPPLE, CPA Is your business office at risk for fraud?
A business office can be a hotbed of opportunity for theft and misappropriation of assets, especially in long-term care In the nursing home industry, theft and misappropriation of assets are all too common occurrences. Over the past two years as controller for Medical Rehabilitation Centers/Exceptional Living Centers, I have analyzed nursing home policies and operating practices and have identified five key risks of fraud in industry business offices and the mitigating controls that are critical to preventing these abuses. The situations described in this article are derived from industry observations as opposed to specific company experience. By identifying these risks and implementing controls to mitigate fraud and illegal acts, facilities and resident assets can be protected. The key risks of fraud are theft of resident payments, theft of miscellaneous contributions, misappropriation of resident funds, fictitious payroll, and fictitious accounts payable.

To examine fraud risks, it is necessary to establish a working definition for fraud. In its broadest sense, fraud is any deception made for personal gain. This definition spans a wide spectrum of fraudulent acts ranging anywhere from petty theft (stolen office and medical supplies, etc.) to outright fraud and illegal acts (personally cashing resident payments, etc). This article specifically focuses on identifying risks for fraudulent and illegal acts and implementing controls to prevent them.

Risk #1: Theft of resident payments. A facility's business office receives cash (including checks and currency) each day as families, donors, and government agencies settle debts and extend contributions. In the absence of preventive controls, accounts receivable (AR) personnel could easily conceal theft by manipulating residents' financial information, including the primary payer source. For example, the AR clerk could steal private payments and change the resident's payer source from "private pay" to "Medicaid pending." In this scenario, the facility administrator and corporate personnel would not expect payment from Medicaid until approval of the resident's application. This process often takes from six to eight weeks, and the approval may not be 100% retroactive. Therefore, uncollectible balances during the transition from private pay to Medicaid are common, which creates a ripe situation for theft.

The primary mitigating control to prevent theft of resident payments is segregation of duties (i.e., separating access to interrelated operations). This is a key preventive measure in all business office practices. Specific to this fraud risk, separating cash access and resident financial records will reduce the opportunity for theft. To illustrate, the AR clerk should not have access to live cash. Instead, an employee without access to resident financial information should receive and open private payments, make copies for the AR clerk, and then physically make the bank deposit.

Another process that assists in reducing the risk of theft involves administrator oversight of private-pay statements and the review of the Accounts Receivable Aging Schedule. Administrators should oversee monthly distribution of private-pay statements to ensure that only system-generated charges are listed. Fraud could be perpetrated by adding additional charges to private-pay statements through either typed or handwritten notes on the system-generated statement. (Handwritten charges are outside the accounting system and are not traceable.)

Furthermore, administrators should participate in a monthly review of the Accounts Receivable Aging Schedule. The AR clerk and administrator should participate in a conference call with a corporate officer to review all outstanding balances older than 90 days. This helps to identify issues and situations as they occur.

Risk #2: Theft of miscellaneous contributions. Donations are not anticipated and cannot be recorded until received. To mitigate the risk of theft, a standard facility policy of donor awareness is recommended. Signs posted in the facility and written correspondence should notify donors that contributions should be sent directly to an established local bank account. Furthermore, all donors should be notified that the administrator will contact them personally to express appreciation. Creating a standard operating policy and donor expectation improves the level of control and reduces the possibility of contributions theft.

Risk #3: Misappropriation of resident funds. The nursing home often serves as the overseer of residents' personal funds. Income (such as Social Security checks) is directly deposited into the resident's bank account, and expenditures are paid out by the nursing home's business office. Fraud occurs when resident funds are misappropriated through reimbursement of unauthorized expenses. For example, without oversight, the designated resident funds manager could submit reimbursement requests for purchase of gift cards, lunch, or supplies for a resident and then personally use the items. To guard against this, administrators should review all reimbursed expenses. The administrator should also ensure that statements of deposits and withdrawals are distributed to each resident or power of attorney (POA) in a timely manner. (Monthly statements are hand-delivered or mailed to the POA if the resident has dementia.)

Pages

Topics