Preventing Community Association Fraud: Part Two – Your Property Management Company’s Role
Fraud can strike just about any association – even one that is professionally managed – regardless of how small or large your community may be. However, a good property management company will have checks and balances and other security measures in place to help reduce the risk. How do you know if a management firm has taken those precautions? Is there something specific you should look for?
In part one of our two-part series on fraud prevention, we looked at what your association board could do to help protect your community from fraudulent activity. In part two, we share four key ways you can tell whether a management company has what it takes to protect your community.
1. The company has strong internal controls.
Internal controls consist of systems and processes that a management company implements to protect your association’s money, prevent or deter fraud and quickly uncover fraudulent activity if it should happen. A company with strong controls will gladly tell you if it:
- Segregates duties. According to Drew Ahrensdorf, vice president at FirstService Financial, a provider of best-in-class financial services to communities managed by FirstService Residential, embezzlement is the most likely type of fraud to impact an association. A key way to help prevent it, he says, is to “ensure that people with access to money do not also have the ability to record the transactions.”
- Has formal invoice approval protocols. Ahrensdorf stresses the importance of a consistent approval process that includes sign-offs by a board member and the property manager. To ensure this, he recommends working with a management company that uses an electronic payment approval tool.
“The tool should establish a workflow for accounts payable and create detailed audit logs to document approvals for each invoice,” he says. “It also should assign a superior to your manager, like a regional director, to review and approve any invoice that exceeds a certain dollar amount.”
- Uses multifactor authentication. A company that offers the convenience of electronic access to your association’s funds should also require that users verify their identity through a separate channel or device. This type of authentication – whether by mobile phone, email or text message – helps keep unauthorized users from gaining access.
- Automates bank reconciliations. It’s important that the management company’s internal records are matched against your bank’s transaction records. Having an automated process to do this removes one touch point where human intervention can result in fraud or simple mistakes.
- Provides access to banks that offer a fraud detection service. The company should encourage your association to work with banks that offer Positive Pay, an automated fraud detection service that verifies any checks that are presented for payment against a list of checks your association has issued and authorized. Dollar amounts, check numbers and account numbers must match what is on the list in order for the bank to make a payment. If any of the information doesn’t match, the bank will contact the appropriate board member and make the payment only upon that person’s approval.
2. The company has the necessary resources.
The best of intentions won’t protect your community’s finances from fraud. Resources must be available to make those intentions a reality. For example, to successfully segregate financial duties, a management company will need to have employees available to staff separate payables, receivables and record-keeping departments.
Also, verify whether the company provides your association with a web-based platform where residents can make online payments (among other things) to reduce the risk of check fraud. Be sure the company’s in-house information technology (IT) department can provide robust security for that platform as well. Cyber attacks are a growing problem, even for small organizations like associations, so don’t underestimate the importance of cyber security in protecting financial and personal data.
A company with substantial resources will also be able to offer much-needed financial training to its associates and to your community board members. “It’s not unusual for board members to not understand financials,” says Ahrensdorf. “But if you don’t know what you’re looking at, you’re not likely to act on it.” Taking advantage of training courses offered by your management company will help your board become more financially savvy so your association is less vulnerable to fraud.
3. The company demonstrates a desire to be accountable, transparent and secure.
The primary way that a company ensures accountability is by undergoing an annual financial audit by a third-party certified public accountant (CPA). Public companies must get audited every year and make their financial information available to the public.
Private or public, make sure that the management company you work with is willing to disclose a range of financial activities. It should periodically conduct its own audits (in addition to the annual audit by a CPA) to ensure that it is complying with local laws and appropriately protecting the data and assets of each community it manages.