Risk Mitigation in Family Offices: Effective Strategies for Internal Control

People sitting at a table and talking.

Contrary to what you might imagine given the name, family offices are more subject to fraud and malfeasance than small- to medium-sized businesses. Why? Aren’t we all family? Don’t we treat everyone with care and respect?

To paraphrase Willie Sutton: “Because that is where the opportunity is.” Most family offices have few employees. Their staff may include team members who believe they are underpaid and on whom the principals rely on for a variety of tasks. Internal controls are usually lacking or not designed properly. Separation of duties relating to cash, for instance, is exceedingly difficult due to a lack of personnel.

Areas of Concern

Within family offices, several key areas present significant risks:

  • One person managing all aspects of cash–receipts, bill pay, movement among bank accounts, bank reconciliations (if done at all), vendor management, etc.
  • Lacking proper processes and oversight of the bank reconciliation process.
  • Not using available technology tools to mitigate the risk of cash being moved without the express authorization of the family.
  • Using the ubiquitous QuickBooks for accounting purposes when it’s not the most effective tool. If the family has complex activity and reporting requirements for numerous legal entities, the number of manual activities required to keep separate entities accurate and complete within QuickBooks can lead to significant errors, delays in reporting, and an ability to hide nefarious activities. Moreover, QuickBooks allows users to enter dates for a prior period, which can be used to disguise transactions in the current period.
  • Poor or nonexistent vendor management processes can facilitate embezzlement. Most malfeasance includes creating false vendors for the purpose of stealing.
  • Lack of good technology hygiene. When was the last time they had a cybersecurity review? Are their software programs updated consistently to avoid the latest hacking threats? Can they answer the question, “How safe is your data?”

Eight Tips for Effective Internal Controls Within a Family Office

While challenging, there are prudent measures and straightforward solutions that can significantly mitigate the opportunity for embezzlement or financial misstatements. These include:

Mandatory Vacation Policy

Require key employees to take a two- to three-week vacation every year. It is extremely difficult for an employee to maintain an embezzlement scheme if they are not there to monitor or hide it. Watch for employees who work excessive hours, especially when no one else is present.

Bank Reconciliation Oversight

Implement a robust oversight process for bank reconciliations. Use outside consultants if, as a principal, you do not think you can do an adequate job with this process. At a minimum, separate the employee who handles the cash from those who record the cash and reconcile the two activities on a timely basis. In today’s digital world of cash movement, electronic oversight of the reconciliations is critical.

Cash Movement Approvals

Employ technology that requires someone other than the person creating the payments to approve the movement of cash. Approvals can take place on your mobile phone from anywhere in the world.

Regular Vendor Reviews

Review and approve your vendors periodically. Any new vendor should be approved contemporaneously and before being paid for the first time.

Consistent Technology Assessments

Perform technology assessments consistently, such as every year or, at most, two. Technology is moving so rapidly that significant opportunities to improve your technology environment may be available.

Third-Party Internal Control Reviews

Obtain periodic third-party reviews of your internal control environment to establish and reinforce a robust, right-fit system of controls. This provides additional comfort regarding the completeness and accuracy of the data that underlies the financial reports. Internal control processes and procedures should be well-documented and tested periodically for compliance.

Budget and Variance Analysis

Set and approve budgets and report actual-to-budget variances to identify when activity differs from your expectations.

Annual Net Worth Statement Review

Conduct an in-depth review of the details that make up your net worth statement at least annually to avoid the unpleasant surprise of finding assets or liabilities you might not be aware of.

Professional Guidance for Family Offices

Malfeasance, embezzlement, and fraud can easily occur unless the family recognizes risks and takes the appropriate steps to mitigate them. If you would like to discuss your family office situation, our team would be more than pleased to visit with you and provide suggestions.