Share this content
prevent fraud

Why Clients Need to Pay Special Attention to Checks Made Out to Cash


During the pandemic, many clients are focused simply on staying in business. But, that doesn't mean they can overlook their internal controls to prevent fraud. Forensic expert Steven Hovland explains.

Aug 12th 2020
Share this content

Many small businesses struggle with their internal controls. This struggle can and does impact the client’s bottom line. Additionally, the lack of controls impacts the opportunity costs of the client’s business. CPA firms, with their wealth of knowledge in controls and financial statements, can help mitigate these struggles.

Internal control weaknesses can range from the most simplistic, such as checks to cash, to the more complex, such as illegal kickbacks from vendors. The main objective of the perpetrator is to gain access to the businesses’ cash.

In this article we cover one of the more simplistic control weaknesses, checks written to cash. We also will discuss quick ways a CPA firm can protect their clients even if they do not perform attest services.

Segregation of Duties

As a quick refresher, remember that the most basic internal controls center around segregation of duties. Those duties are:

  • Authorization
  • Custody of assets
  • Recording
  • Monitoring

Per the 2018 ACFE Report to the Nations, almost half of all fraud happens because of a lack or breakdown of internal controls. Unfortunately, some of these are due to the client’s overall lack of understanding.

As we provide services to our clients, we need to be aware of obvious control weaknesses.

Many times, the controls that are lacking are some of the most foundational, such as not allowing one person to have access to all four areas in the segregation of duties. Identifying these lack of controls, especially when the only service being provided is filling out a tax return, is tough. However, some control breakdowns can stand out even when doing non-attest services.

Checks to Cash

When a client allows checks to be written to cash, they are creating a breakdown in the segregation of duties. To illustrate, assume a client allows the bookkeeper to write a $1,000 check to cash for various vendor expenses. The breakdown in the controls is as follows:

  • Custody of Assets – Most bookkeepers have access to the checkbook (hardcopy or electronically). In this illustration the bookkeeper has processed the check, therefore by default they have access to the checkbook or custody of the asset.
  • Recording – by the nature of the bookkeeper’s position, they have access to the accounting records and are recording the payment in the accounting system.
  • Authorization – In this example, the bookkeeper is not personally signing the check. The owner allowing the check to be written to cash is the authorization. When it’s presented to the owner for signing, the signature will be a formality.
  • Monitoring – The monitoring area is the most important of all the segregation areas. The owner allowing checks to be written to cash restricts the monitoring function. The owner cannot specifically monitor who received the funds, the vendor or the employee. This lack of being able to monitor indirectly allows the bookkeeper to have control over this area.

Here, the bookkeeper has access to three of the areas and can indirectly limit access to the fourth. This ability allows for theft.

Theft of cash comes straight from the bottom line. This means the client must earn a net income equivalent to all the cash stolen to get back to pre-fraud levels.

Internal Controls: Checks to Cash

The internal controls over checks to cash should be quite simple. Checks should never be written to cash from a business account. If an employee is going to the bank to replenish petty cash, then the check should be made out to that employee for the exact amount. Vendor payments should be written directly to the vendor. Distributions and dividends should be written directly to the individual who should be receiving the payment.

When the ability to write checks to cash is eliminated, the monitoring function is strengthened.

Case Study

We have come across several cases were the fraud started with checks being issued to the payee of “Cash.” In fact, when we start an investigation, the first analysis sorts out all checks in the general ledger and sees how many went to cash. In one case, the amount was astonishing:

ABC Partnership had two partners. Partner A primarily worked on operations and marketing, and Partner B worked on finance and customer service. In the early 2000s, Partner B wanted an easy way to pay vendors when away from the office. He decided to take a check with him when he left. For ease, he started to just write the check to “cash” versus the vendor name. Slowly, this transpired to Partner B making multiple checks payable to “cash.” Some were for petty cash reimbursement, but many were for actual payments on Partner B’s personal expenses. Over the course of 5 years, this partner had written over 300 checks to “cash.” The total dollar amount came to over $400,000. Some of the checks were written for uneven amounts, such as $2,131. These transactions were then entered into the general ledger as various expenses. The partner ended up making restitution for the amount plus interest. Partner A was not only upset at the amount, but at the fact the theft had gone on for so long.

In the above case, the partnership never received an audit nor review. So, there was no outside accountant examining either the controls or the fluctuations in the accounts. Had a control been in place to forbid checks to cash, then the fraud might have never started.

What Can be Done for Your Clients?

The clients who engage in attest services already receive a CPA firm’s expertise in this control. The firm is required to understand the internal controls of their audit clients. For other attest services, the traditional checklist has the checks to cash as one of the inquiry questions.

However, what can be done for a firm’s non-attest clients?

The time public accounts have allocated for non-attest clients is usually tight. Here are some steps you can take to help protect them:

  1. If staff receive or have access to the client’s accounting records, such as QuickBooks or Xero, have them perform a quick sort. Drill down into the bank accounts, and sort them by payee. A quick glance will tell if there have been checks written to cash. If there have been, make a simple phone call to ask the client if they are aware of the checks.
  2. If the client only fills out an organizer, ask whether they allow checks to be written to cash. Having the client answer the question will at least get them thinking about this control. Fraud typically happens due to a lack of monitoring. Nudging the client on this question will get them focused on monitoring this aspect of their company.

These steps will take a few minutes but can save the client tremendous amount of money. This will further the value of the CPA firm to the client.

The cost of fraud is more than just the funds stolen. There is the emotional toll to the client that sometimes costs much more than the money lost. Additionally, the expense to investigate the fraud can at times dwarf the costs of a financial statement audit or tax return.

Clients are busy growing and developing their businesses. Monitoring of controls tends to take a back seat. Doing a quick check will not only save them money, it will also build up and enhance your relationship with the them.