Safeguarding Your Law Firm from Fraud

James Martin is senior manager at Cendrowski Corporate Advisors (CCA), a full-service financial consulting and litigation support firm with offices in Chicago and Detroit.

The risk of fraud is an omnipresent threat to any business organization and law firms are no exception.  In fact, the typical operating structure of law firms has made them more susceptible to fraudulent schemes.  The Association of Certified Examiners (ACFE) estimates that the typical business loses 5 percent of its revenues to fraud each year, which translates to a global annual fraud loss of $3.5 trillion.  While the numbers highlight the threat posed, there are simple procedures and safeguards that management can implement to mitigate the risks associated with fraud in a law firm.

The starting point to any successful attempt to minimize the risk of fraud is proper oversight by the managing partners.  There should be oversight at all levels of operations and continuous improvement of areas with weak controls.  This supervision should extend beyond just the accounting department and should encompass all areas, such as the IT department and individual partners.  Law firms are particularly vulnerable to fraud, and this can be attributed to several key factors.  Attorneys typically focus their attention on servicing their clients – not on a firm’s accounting. Moreover, the day-to-day operations usually will fall on the accounting staff within a firm.  Not only can fraudulent schemes be orchestrated by employees at all levels within a firm, firms must also be safeguarded against risks of fraud from external sources.

There is no magic elixir to make a law firm immune to fraud, but management can instill a culture and adhere to internal controls to reduce the opportunity for fraud. Management must have a clear policy in place.  Consistent with this principle, internal control guidelines should be explained upfront for each employee.  Ethical behavior is something that can never be stressed too much in creating a culture of compliance.  Firms should also have reporting mechanisms in place to receive anonymous tips, red flags and concerns.   These channels may range from reporting misconduct to one’s superior to an actual hotline. This can vary depending on the size or composition of the firm.

Creating the right culture is crucial, but continually improving oversight procedures must also be an objective in reducing the risk of fraud.  Bank accounts should routinely be reconciled along with an extensive review of all accounts receivable and payable. Firms should monitor employee behavior to discover red flags, such as an employee living beyond his or her means, addiction problems, or financial difficulties.  Firms should ensure a “separation of duties” as well.  Pursuant to this idea, different tasks should be assigned to different individuals and jobs should be rotated.  This is an effective way to make sure that an employee cannot conceal his or her own fraudulent activity.  Management must also have procedures in place to monitor for conflicts of interest of employees and clients.  In addition, firms should be proactive and have a screening process during interviews with all prospective candidates.

A firm’s risk management should consider both external and internal factors and their risk on a firm’s objectives.  Risk management must be about more than just insuring against known risks; it’s also about minimizing what could happen.  There is no definite way to ever be completely free of the risk of fraud.  However, by understanding this risk and taking appropriate mitigating actions, a firm can reduce its exposure to fraudulent activity.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s