% Option Explicit Response.Expires = 0 Response.Buffer = True %> <% 'If Session("passed")<>True Then ' Response.ReDirect "invalid_route.asp" 'End If %>
Maintaining honesty in your Cashiering Department
January 2002
While it is something we may not
often talk about, within any collection operation, we must accept the existence
of the potential for money to be "lost" in the area of cashiering.
While no system is perfect, understanding your processes, your software and
audit trails will help to minimize the risk of any losses. This document discusses
this area and is designed to make you aware of possible problems and some
of the solutions.
The most common problem you will face is the possibility that cash received
does not get deposited, and is removed from the office by an employee. In
every office there is a procedure for handling cash, and this usually involves
issuing a receipt and balancing the cash deposit to the total of the receipts
issued. This is usually a simple and effective system, but can be challenged
by creative individuals. Consider the following example.
In the above circumstances,
we have encountered creative employees who have found ways to overcome some
of the obvious clues that would be left in executing such a plan. Take the example
of entering the balance adjustment. During Nightly Processing, Intelec will
print a detail list of all transactions for the day, along with the UserID of
the person who posted the transaction. This information is also retained on
the payment history for future use. If a person wishes to process a balance
adjustment, without the risk of being detected, we have encountered instances
where a person has entered a transaction at a different user's display station.
(One that was left unattended and not signed off!)
A more creative method of hiding the transaction is to change the data on the
files! Most computer systems have utilities that allow a user to access a record
in a file and change some or all of the information on that file. As an example,
it is possible to locate a payment transaction and change the payment amount
after the transaction has been posted. Even if the method of doing this is known
to someone, Intelec has sufficient security to prevent this. Remember that Intelec
is a menu-driven system and users can only work within the menu options. Certain
users can be allowed to "get to the system", but this a special authority
that must be granted to that user. There is also a "Security Officer"
in any company, who has access to the system and its utilities. These users
will usually have more access to the system and will not be restricted
by the rules within Intelec. As an example, if someone wanted to reduce the
deposit for the day by $100, they could go into the payment history file and
reduce a payment by $100, after the transactions had been posted! In the case
of the AS/400, while a report may be printed when such a change is made, a determined
individual could destroy that report and any edit reports, to remove any trail
of their activities.
How does Intelec address these issues? While there is no specific safeguard
against the theft of money, there are several things that can be used to identify
a problem. Remember that if you give the authority to someone to access any
area of the system, including system utilities, it is very difficult to stop
such a person from using that authority to their advantage. This is no different
from an employee who has the keys to the office and chooses to misuse their
privileges.
Your defense against electronic fraud begins with good procedures. Make sure
you have a system that tracks all cash that is received and deposited. You must
restrict the number of people who have access to cash. You will need to decide
whether you use your own receipts or use Intelec's receipt for payments received.
Talk to your accountant about security such as numbered receipts, multiple receipt
books etc. In addition :
In this type of operational
area, where there are many variables to contend with, presenting an image that
you are in control is very important. Automation will not provide all the answers.
You have be alert at all times and ensure that everyone understands that you
have designed and implemented excellent procedures. Discouraging a person from
being dishonest may be the best plan of action for maintaining honesty within
your cashiering department!
© Quantrax Corporation, Inc. 2002
Please sent comments to ranjan@quantrax.com