With the amount of financial info you have to track, a spreadsheet is one of your most potent tools. But the more important (and complicated) a spreadsheet is, the more likely it is to have one of these major flaws. The good news: They’re all fixable. And those fixes can help you work more efficiently in the long run. Here’s what to look out for:

1. Hidden errors. No matter how well — or often — you check, a big complicated spreadsheet is bound to have some errors sneak in over time. And it’ll happen twice as fast if it’s a worksheet that multiple people have access to.  The fix: Periodically use one of the many programs that searches spreadsheets for cells that have missing formulas, broken links, references to empty cells, etc.
2. Too many chefs stirring the pot. There may be good reason for a dozen people to have access to see a spreadsheet — but chances are they don’t all need access to input data. Whenever possible, use Excel’s existing features (such as password-protection) to limit access to “read-only” for key files that need to be shared among many people.
3. Not knowing who did what. Even if access to input data into the worksheet is limited to only two trusted people, there may be times when it’s not clear which version of the spreadsheet is the last one. Make sure you have a system in place to track who made what changes and when. (For larger departments, software is available to handle this. For smaller companies, you may be able to get by with a solid naming/”save as” system.)

Chances are you’ll face more security threats this year. Are you ready?  Whenever the economy slumps, more would-be fraudsters are minted. Part of it is that people are desperate for money and get tempted by the apparent ease with which they can steal.

Others take advantage of everyone else’s fear, and use seemingly legit offers to con people — and companies — out of their money.

There are signs it’s already happening. The SEC has pursued 88% more enforcement actions related to securities fraud this year than it did in 2006. And the FBI recently said it expects its fraud investigations to increase from 38 cases last year to hundreds in the next year or two.

Internal solutions to internal and external threats

No matter how unlikely it seems that Betty in the next cube could be embezzling, or that a fake vendor could get its invoices approved and paid, it’s smart to take preventative steps now.

Your best bet is a two-prong plan to ensure that:

• no one inside the company has the ability to commit fraud, and
• if anyone from outside attempts financial shenanigans, that you’ll be able to catch it right away before any damage is done.

Start by doing an internal review of procedures to find any weak spots and shore them up first. And if you were debating any changes to procedure that might tighten controls, start implementing them. (Upper management isn’t going to grumble about changes or time lost if you can explain how this will help save money long-term.)

Once Accounting has done its part, there’s still one more step: Explaining the changes to other departments. If they aren’t on board, your controls won’t be fully effective.

Granted, you don’t want to give away too much detail — otherwise, you could actually make some types of internal fraud easier. But there are  a few key things you’ll want to communicate to employees:

• Controls have been made even stronger, and their compliance with new procedures is expected
• A way for them to report any suspicious activity they see so it can be investigated, and
• A list of fraud prevention red flags so they know what to look for when dealing with people outside the company.

Are you worried about more fraud attempts this year? What are you doing to shore up your procedures? Share your ideas in the comments.

Think of all the sensitive company info on your computer. It’s all at risk if someone guesses the right 6-8 characters. Which makes it all the more disconcerting that the most popular password in America is: “password,” closely followed by “123456.”

That’s the result of a study by PCMag.com.

If your password is on that list, the time to change it is yesterday.

Of course, part of the reason people rely on such easy to remember passwords is that we need a password for almost everything these days. Many find it too difficult to have truly secure log-ins that are unique and memorable.

Tips for secure passwords

Here’s some tips for making stronger, easy to remember passwords — and keeping them private:

• Don’t write your password down. Seems like a no-brainer, but you’d be shocked how many people keep passwords on a sticky note next to their computer. If you simply must have something in writing, use a reminder, to jog your memory, not the actual password.
• Use a mix of numbers as well as upper and lower case letters. Tip: To remember which letters are uppercase, use a shortened multi-word phrase and capitalize the “start” of each word. Example: “Time for lunch” could become “Tm4Lnch”
• Avoid using a password that appears in the dictionary. Automated programs can crack these passwords as easily as a squirrel cracks an acorn.
• Another option: If you only want to remember one word, use it backward or with a “creative” spelling.
• Assign individual passwords even for shared tasks. If you have three staffers who need access to a financial account, don’t use a “team” password. If someone is tempted to misuse information, you won’t be able to trace it to the guilty party — and knowing it can’t be traced can be very tempting to some people. Instead, have IT create separate log-ins. (Note: That doesn’t mean using a sequence like, Payroll1, Payroll2, Payroll3.)

The catch: The form is real. The fax number isn’t. But like all tax forms, it asks for information (Social Security Numbers, bank account numbers, addresses, etc.) that would be a gold mine for fraudsters.

We can’t say it often enough: IRS will not contact you directly via e-mail. Only press releases, public notices, etc, are sent electronically. If you get an e-mail from IRS don’t click on any links, don’t reply and don’t call any numbers listed in the message.

When in doubt, call IRS (using numbers you’ve looked up on your own).

And forward any IRS-related phishing messages to phishing@irs.gov so they can be investigated — and hopefully stopped.

And a surprisingly low 75% said they support zero-tolerance policies and/or strict discipline, including firing, after fraud is uncovered.

Prior research has shown that a tough response (or the threat of one) can not only deter potential fraud but also minimize the damage done. So it seems upper management’s reluctance to play hardball with internal fraud may actually make your job more difficult.

What do you think: Should companies take a zero-tolerance approach to fraud, or should everything be handled on a case-by-case basis? Share your thoughts and experiences in the comments.

It’s easier to catch T&E swindlers if you know why — and how — they do what they do. A recent survey by T&E Magazine got the real scoop from people who freely admit to having fudged their travel expenses in one way or another. Some of the findings may surprise you.

For starters, employees appear to be getting more honest. 83% said they were always totally honest on their expense reports. That’s up from just 70% in 2004.

Of those who admit to cheating, the amount they wrongfully claimed is down: 8% said they padded their expenses $100 or more — that figure was 34% in 2004. Another 32% said they padded expenses by $50 to $99.

Most travelers who admitted to cheating (66%) said they did so because being on the road cost them in ways that don’t fit on any expense report category. Another 30% said they routinely have to use personal money for business costs when traveling. Padding is their way of “righting” the books.

And 26% say taking a little extra cash is their way of being compensated for the hassles of being on the road. Only 4% said they cheat because they can. [Note: Respondents could pick more than one reason.]

While no one wants to have cheaters in their office, those “reasons” for padding expenses give you a good opportunity to make sure you don’t see any of it in the future. It indicates that people are less likely to inflate their expenses if they feel the company appreciates the hassles — and out-of-pocket expenses — of being on the road.

It’s a good reminder to periodically review your company’s T&E policies and guidelines. Making sure they’re still fair to your road warriors could end up saving you time and money, as well as improving employee morale.

What do you think: Do most traveling employees pad their expenses to right a perceived wrong? Or is that simply an attempt to justify stealing from the company?

And what’s the most egregious attempt at expense report padding you’ve seen? Share your stories in the comments.

IRS recently released the following information to help you prevent fraud attempts — and to educate employees and others about what risks they may face. Here are four excellent resources you and employees should be aware of to stay safe from phishing attempts and other common fraud:

1. IRS has a special department, Identity Protection Unit, just to deal with identity theft. You can reach it by calling 800-908-4490.
2. IRS will never contact your company or any individual taxpayer via e-mail. If you get a message that claims to be from the Service, forward it to phishing@irs.gov for investigation.
3. For certain fraud attempts, you may also want to contact the Federal Trade Commission at 877-ID-THEFT.
4. At OnGuardOnline, you can get tips on how to strengthen your company’s online security, take quizzes on cyber-threats and much more.

The right vendor will help you narrow your options so you get all the functionality you need without adding services you don’t need — and which cost more.

With that in mind, here are four questions to ask potential vendors when you’re shopping for a program:

1. How much support do you offer once the program is set up? Ideally, you’ll want access to a dedicated rep who can answer your questions. Depending on how complicated your program is and what new software you may be adding, it may be a good idea to have scheduled training sessions with someone from the card issuer. If that’s the case, make sure the training is done efficiently (no drawn out multi-day programs) and that it’s not a separate charge.
2. How much paper/time/money will this actually save us? If parts of the process (like handling receipts and P.O.s) are still manual, or will require printing out documentation, you may not be getting as much benefit as it seems. Get a detailed estimate of how much time and money you’ll be saving with the proposed system. And then figure out how long it’ll take for those savings to recoup your upfront expenses.
3. Does your program address our biggest headache? If T&E is where most of your paperwork roadblocks develop, a standard p-card program probably won’t suit you as well as a travel-specific card. Make sure potential vendors know what your top concern is — and that their programs are adapted to meet those needs.
4. How secure is our info? No financial transaction should even be considered until you have solid answers about how secure all the electronically based info really is.

If you’ve already been down this road, what questions are you glad you asked your vendor — or wish in hindsight you had? Share your perspective in the comments.

Fortunately, a few key steps are all you need to significantly increase the security of any cards you issue to employees. The Association for Financial Professionals identified  the four most commonly used controls to make sure that only authorized and approved transactions get put on company cards:

1. Requiring employees submit either original receipts or printed confirmations of Web-based transactions
2. Setting spending limits based on department/employee level (as opposed to setting one limit for all employees with cards).
3. Having a permanent card administrator or co-ordinator to monitor usage, train cardholders, etc.
4. Writing a detailed cardholder agreement (of their rights and responsibilities, as well as company policies) that all cardholders and their managers must sign.

Do you have your own advice on controls that have — or haven’t — worked at your company? Share it with us in the comments.

No matter how strong your controls or how much thought goes into hiring, eventually someone will try to scam your company.

Think it can’t happen at your company? We asked readers to share some of their experiences to show just how brazen — and outright stupid — some of the cons are.

For example, “Payroll girl” recently noted that an employee used a company account with the local grocery store to purchase everything from dog food to beer, as well as gift cards to other stores. The real kicker: When the employee was confronted and fired, he asked for time to finish the employer-provided breakfast.

Pattie Finn related a story of a worker who tried to pass off beer purchases as a legitimate expense for a children’s residential care program.

Pretty brazen, but perhaps not creative as the employee Dana Campbell says tried to get reimbursed for tires for his personal car — even though the company provided a business vehicle.

What goes through the minds of these would-be crooks? Hard to say. But the good news is that they all got caught. Vigilant Accounting pros, strong internal controls and support from upper management are keys to quickly finding — and stopping — any would-be scammers from getting the best of your company.

The most vulnerable areas will depend on your company, industry and general practices. But for the most part, you’ll want to keep a closer eye on:

1. any check-writing functions (vendor, payroll or employee reimbursements & benefits)
2. corporate credit or purchasing cards, and
3. petty cash.

Not only are those the places where theft is most often attempted — it’s where it’s costliest, too. No doubt you already have solid controls in place — especially on those functions. But it’s worth doing a regular review of controls and procedures — as well as mini-audits — throughout the year.

Constantly reviewing your procedures is the only way to stay ahead of would-be thieves.

Have you encountered an attempted fraud at your company? Tell us what they tried — and how you discovered it.