KANSAS CITY — It happens all the time: A real estate business puts too much faith in a single individual to handle their finances and ends up getting ripped off.
For real estate brokerages, MLSs and other real estate organizations, the key to avoiding this fate is to put in place the most effective anti-fraud control there is: segregation of duties.
That’s according to Matt McNamara, audit partner at Barley, McNamara and Wild CPA & Associates. He spoke at the Conference of MLS Financial Executives (CoMFE) Tuesday, hosted by the Council of Multiple Listing Services (CMLS). McNamara audits financials for the largest MLS in Florida, My Florida Regional MLS.
Rationalization, pressure and opportunity
According to McNamara, fraud arises when three conditions are in play: rationalization, pressure and opportunity.
Example of rationalizations on the part of the employee could be:
- “They don’t pay me enough.”
- “I was a key cog in the wheel to get that much revenue.”
- “That person made $2 million last year and I only make $60,000.”
Pressure could come from outside the organization (large personal debts, perhaps) or from within the organization (incentives to meet membership forecasts and revenue, for example).
But those things can be mitigated if the third prong, opportunity, is covered, McNamara said. If the employee has no opportunity to steal, it is less likely that he or she will.
Amounts subject to fraud could be big or small. For instance, at MFRMLS, one of the MLS’s three financial staff members took a member refund check and cashed it. The MLS let him go, according to the MLS’s chief financial officer, Jay Markell.
“Why would you throw away your career for a $500 check?” Markell said.
Sometimes employees will start small, see if they get caught, and then go for something bigger, McNamara said.
Preventing fraud is better than catching it
First things first: Don’t assume anyone — whether at the top or bottom of the food chain — would never, ever steal.
You might think, “Billy’s been with us 20 years, there’s no way he’d steal from us, so we don’t need to worry about fraud.” But it turns out Billy is the one ripping you off, McNamara said.
That doesn’t mean you should look at your current finance head with suspicion, just that a neutral process should be put in place, according to McNamara.
“This is not an indictment. This is something that has to be done (and) has to be done in a vacuum,” McNamara said.
“The potential for fraud is at risk, so identifying all possibilities and permutations and then deciding what is or isn’t a severe issue is more prudent than presupposing that there’s no way a particular process (or) area could result in a significant occurrence,” he added.
Next, a business should decide whether it prefers to put in preventative or detective controls. The goal of the former is to prevent errors or fraud that could lead to incorrect financial statements, and the goal of the latter is to detect such errors or fraud, according to McNamara.
Detective controls include reviews, exception reports, reconciliations and financial analyses.
Proper segregation of duties is a preventative control for an organization — and the most powerful, McNamara said.
“I push like crazy to put in the preventative control, even if it’s bringing in somebody from the outside to do a cash log,” and then compare it to what was actually deposited, he said.
He believes in keeping internal controls with a company team that’s present on a daily basis. For smaller companies, however, an outside bookkeeping firm could be a cost-effective way to ensure segregation of duties, McNamara said.
Divvying up who does what
Segregation of duties “prevents a single employee from being able to negatively affect a company. This is the case regardless of whether an employee wishes to do so, or might otherwise do accidentally,” McNamara said.
Key areas to ensure appropriate segregation of duties are in place include cash inflow, cash outflow, and payroll, he said.
Here is his six-step assessment process for separating duties:
- Identify all significant accounting-related processes (or ‘cycles’).
- Break these processes down into sub-process components, both transaction-level and general (for example, steps in performing a check run vs. vendor creation).
- In a two-dimensional manner (one-to-one), compare each step to identify whether an individual performing both processes would have the ability to both obtain personal value and affect the recording of it and highlight the intersection of these functions.
- Identify which of these steps requires access, either physical or electronic, to perform. For those steps that require neither, assume anyone can do them.
- For those steps that require either, determine who has access to perform each of these steps and work with IT personnel to determine who has write access to these functions (not read-only).
- Summarize all of your potential issues and identify the reasons why, if any, each issue is effectively mitigated.
Be conscientious. “The easiest way to lose your job is to have this process fail on you. Nobody that’s doing a volunteer board wants to show up in the newspaper the next day,” McNamara said.