Small Business Fraud Prevention, Audit Techniques
Subject: Financial Controls Curriculum
19 chapters
1. 1 Why Small Businesses Are Vulnerable
[Verse 1]
Sarah runs her bakery with pride and care
One person handles money everywhere
Records the sales and pays the bills too
Same hands that count are balancing through
No separation of the tasks at hand
One person controls where the money lands
[Chorus]
Small business, big target, can't you see
One-fifty thousand lost on average, easily
Twelve to eighteen months they steal away
Trust without checking leads you astray
Segregate duties, audit the books
Don't let blind faith give criminals hooks
[Verse 2]
Maria's been here fifteen faithful years
The owner trusts her, never any fears
But trust can blind you to the warning signs
When loyalty crosses over the lines
Long tenure doesn't guarantee they're clean
The books might hide what's never been seen
[Chorus]
Small business, big target, can't you see
One-fifty thousand lost on average, easily
Twelve to eighteen months they steal away
Trust without checking leads you astray
Segregate duties, audit the books
Don't let blind faith give criminals hooks
[Verse 3]
No audit team to watch the money flow
No second set of eyes to help you know
The owner's busy running day to day
While financial controls just slip away
Operations first, that's how they think
But weak controls can push you to the brink
[Bridge]
Offshore bookkeeping, cheap but risky game
No accountability, no one to blame
They don't know your business, context is lost
Saving pennies but counting the cost
[Chorus]
Small business, big target, can't you see
One-fifty thousand lost on average, easily
Twelve to eighteen months they steal away
Trust without checking leads you astray
Segregate duties, audit the books
Don't let blind faith give criminals hooks
[Outro]
Under one hundred employees means you're at risk
ACFE data shows you can't dismiss
The highest median loss per case
Small business owners, protect your base
2. 2 The Three Fraud Categories (Fraud Triangle Foundation)
[Verse 1]
There's a theory from fifty-three, Cressey found the key
Three conditions come together when integrity breaks free
First there's pressure building up, financial stress runs deep
Performance targets out of reach, promises they can't keep
[Chorus]
Pressure, Opportunity, Rationalization
Three points of the triangle, fraud's foundation
When all three align, that's when trust breaks down
Controls stop opportunity from coming around
Pressure, Opportunity, Rationalization
Guard against the triangle, protect the organization
[Verse 2]
Second comes opportunity, when controls are weak or gone
Trusted access becomes the door when oversight moves on
Systems with no checks in place, approvals skipped in line
Access without validation, crossing every boundary line
[Chorus]
Pressure, Opportunity, Rationalization
Three points of the triangle, fraud's foundation
When all three align, that's when trust breaks down
Controls stop opportunity from coming around
Pressure, Opportunity, Rationalization
Guard against the triangle, protect the organization
[Bridge]
"I'll pay it back tomorrow"
"They'll never even know"
"I deserve this compensation"
That's how rationalization grows
Transparency breaks the spell
Makes excuses hard to sell
[Verse 3]
Third is rationalization, the stories people tell
To justify the actions when their judgment starts to fell
"Just borrowing for now" they say, "I've earned this anyway"
Mental gymnastics justify what conscience should betray
[Chorus]
Pressure, Opportunity, Rationalization
Three points of the triangle, fraud's foundation
When all three align, that's when trust breaks down
Controls stop opportunity from coming around
Pressure, Opportunity, Rationalization
Guard against the triangle, protect the organization
[Outro]
Build your walls around opportunity
Let transparency shine bright
Three points make a triangle
But controls can win the fight
3. 1 The Classic Bookkeeper Schemes
[Verse 1]
Sarah works the register, customers pay in cash
But the numbers don't add up when the manager checks the dash
Revenue per transaction's dropping week by week
Cash sales looking lower than the cards, something's bleak
She's taking money before it hits the books
Skimming off the top with those innocent looks
[Chorus]
Five classic schemes that bookkeepers play
SLLFP - remember this way
Skimming, Lapping, Lying vendors too
Fictitious payroll, checks they'll pursue
Watch the signals, build controls that stay
SLLFP schemes won't get away
[Verse 2]
Customer A just paid but their balance stays the same
Mike took that payment in his little stealing game
When Customer B pays next, he'll credit A's account
Lapping scheme cycling, hope no one will count
Aging receivables shifting all around
Payment dates mismatched when the truth is found
[Chorus]
Five classic schemes that bookkeepers play
SLLFP - remember this way
Skimming, Lapping, Lying vendors too
Fictitious payroll, checks they'll pursue
Watch the signals, build controls that stay
SLLFP schemes won't get away
[Verse 3]
ABC Consulting sends invoices every month
But they're fake as can be, it's just a stealing stunt
Ghost vendor address matches the employee's home
Round dollar amounts, red flags they should've known
One contact person, no purchase order trail
Fictitious vendor schemes are bound to fail
[Bridge]
Ghost employees on the payroll list
Inflated hours that don't exist
Unauthorized raises, off-cycle runs
Payroll fraud until the damage is done
Check tampering with forged names
Sequence gaps expose their games
[Chorus]
Five classic schemes that bookkeepers play
SLLFP - remember this way
Skimming, Lapping, Lying vendors too
Fictitious payroll, checks they'll pursue
Watch the signals, build controls that stay
SLLFP schemes won't get away
[Outro]
Auto-reconcile and flag the trends
Platform controls defend
Match the dates and verify
Keep your money safe and dry
SLLFP - now you know the way
Financial controls will save the day
4. 1 Segregation of Duties (SOD)
[Verse 1]
In the world of finance where the numbers flow
There's a golden rule that you need to know
One person alone should never hold the keys
To authorize, record, and custody
When Sarah can approve and write the check too
And lock up the cash when her work is through
That's a recipe for risk we can't ignore
Three duties split keeps fraud from your door
[Chorus]
Segregation of duties, keep them apart
Authorize, record, custody - three separate hearts
When one person does it all, that's where danger lies
Split the power, share control, that's how trust survives
A-R-C, remember the three
Never let them meet in one employee
Segregation of duties, it's the foundational way
To keep your business safe another day
[Verse 2]
But small business owners know the truth so well
You can't always split when you've got just a few
Your bookkeeper handles both the books and payments
That's where compensating controls break through
Owner reviews every check above a limit
Monthly bank statements straight to your hands
HR runs payroll but you approve the final
These backup measures help you take a stand
[Chorus]
Segregation of duties, keep them apart
Authorize, record, custody - three separate hearts
When one person does it all, that's where danger lies
Split the power, share control, that's how trust survives
A-R-C, remember the three
Never let them meet in one employee
Segregation of duties, it's the foundational way
To keep your business safe another day
[Bridge]
In the digital age with role-based access
Configure your workflows to create the gaps
Set approval thresholds, require second login
Technology helps where staff size limits
From accounts receivable to cash deposits
From purchase orders to expense reports
Every transaction needs its checks and measures
Internal controls are business treasures
[Chorus]
Segregation of duties, keep them apart
Authorize, record, custody - three separate hearts
When gaps appear, compensating controls
Fill the spaces, protect your goals
A-R-C, remember the three
Foundation stone of financial security
Segregation of duties, it's the proven way
To build strong controls that are here to stay
[Outro]
Three duties separate, or compensate the risk
That's the lesson you don't want to miss
Segregation of duties, your financial guard
Making fraud prevention less than hard
5. 2 Dual Control & Authorization Thresholds
[Verse 1]
When money moves through company doors
Two sets of eyes must check what's yours
No single person holds the key
That's dual control security
One thousand dollars is the line
Where vendor payments need two to sign
[Chorus]
Two approvals, independent minds
Dual control protects what's mine
Always check the critical flow
New vendors, payroll, accounts below
Two-five-zero for expenses too
Authorization, me and you
[Verse 2]
Creating vendors needs a pair
New bank routing handled with care
Employee joining payroll team
Always requires the double scheme
Off-cycle runs can't go alone
Two signatures before they're shown
[Chorus]
Two approvals, independent minds
Dual control protects what's mine
Always check the critical flow
New vendors, payroll, accounts below
Two-five-zero for expenses too
Authorization, me and you
[Bridge]
Journal entries adjusting books
Always need those second looks
Thresholds configurable and smart
But separation is the art
Independence is the key
No collusion, you and me
[Verse 3]
Significant transactions wait
For dual approval at the gate
One person's bias can't decide
When company assets are applied
The table shows us when to pause
Following financial control laws
[Chorus]
Two approvals, independent minds
Dual control protects what's mine
Always check the critical flow
New vendors, payroll, accounts below
Two-five-zero for expenses too
Authorization, me and you
[Outro]
When in doubt, get two to see
That's the way it's meant to be
Dual control will always guard
Against the fraud that hits so hard
6. 3 Bank Reconciliation Controls
[Verse 1]
When the numbers don't align between your books and bank
There's a story being told, don't leave it blank
Manual adjustments made to force the match
Could be hiding stolen cash from the latest batch
Reconciliation sitting there incomplete
Gives fraudsters time to make their theft complete
[Chorus]
Three controls to keep your money safe and sound
Auto-import, time alerts, and patterns found
Flag the overrides when someone breaks the chain
Catch late reconciliations hiding financial pain
Aging items tell a tale of what's gone wrong
Bank reconciliation controls keep fraud from growing strong
[Verse 2]
Platform power brings the bank feeds streaming in
Plaid and Finicity make the data spin
But when someone overrides what the system sees
That's a red flag waving in the digital breeze
Manual changes to automated flows
Often hide the theft that nobody knows
[Chorus]
Three controls to keep your money safe and sound
Auto-import, time alerts, and patterns found
Flag the overrides when someone breaks the chain
Catch late reconciliations hiding financial pain
Aging items tell a tale of what's gone wrong
Bank reconciliation controls keep fraud from growing strong
[Bridge]
Thirty sixty ninety days the items age
Each old reconciling item turns a page
Patterns in the differences repeat each month
Same amount keeps missing from the financial hunt
Period close should trigger reconciliation quick
Late completions are a fraudster's favorite trick
[Verse 3]
Book to bank variances that show a trend
Same gaps appearing time and time again
Could be skimming operations taking their share
Systematic theft hidden with fraudulent care
Detection algorithms watch for these signs
Protecting company assets and bottom lines
[Chorus]
Three controls to keep your money safe and sound
Auto-import, time alerts, and patterns found
Flag the overrides when someone breaks the chain
Catch late reconciliations hiding financial pain
Aging items tell a tale of what's gone wrong
Bank reconciliation controls keep fraud from growing strong
[Outro]
Where most frauds are exposed or hidden away
Bank reconciliation holds the key each day
Three controls working together as one
Keep your financial house safe when day is done
7. 4 Benford's Law Analysis
[Verse 1]
In nature's numbers there's a hidden law
Frank Benford found what auditors now saw
Thirty percent begin with digit one
Eighteen with two, and then the pattern's done
Seven gets ten, and nine just gets five
This distribution keeps fraud detectors alive
[Chorus]
Benford's Law will show the way
When fabricated numbers start to stray
Thirty, eighteen, twelve, nine, eight, seven, six, five, four
Real transactions follow this natural score
Flag the deviations, find what's fake
Benford's Law is all it takes
[Verse 2]
Fraudsters think five thousand sounds just right
But real expenses rarely align so tight
They pick the round numbers that feel natural
Missing the randomness that's statistical
When populations drift from expected curves
That's when the red flag system serves
[Chorus]
Benford's Law will show the way
When fabricated numbers start to stray
Thirty, eighteen, twelve, nine, eight, seven, six, five, four
Real transactions follow this natural score
Flag the deviations, find what's fake
Benford's Law is all it takes
[Bridge]
Run it on expenses and vendor bills
Payroll data and reimbursement fills
High volume datasets work the best
Put leading digits to the test
AP invoices tell their tale
When Benford's distribution starts to fail
[Verse 3]
Load up the platform, run the analysis
Flag populations with digit paralysis
Too many fives and tens appearing
Statistical anomalies are clearing
The fabricated from the genuine flow
Benford's mathematics starts to show
[Chorus]
Benford's Law will show the way
When fabricated numbers start to stray
Thirty, eighteen, twelve, nine, eight, seven, six, five, four
Real transactions follow this natural score
Flag the deviations, find what's fake
Benford's Law is all it takes
[Outro]
From one to nine the pattern's clear
Benford's Law keeps auditors near
The truth that's hidden in the data stream
Financial controls fulfill their dream
8. 5 Duplicate Payment Detection
[Verse 1]
In the world of payments flowing fast and free
Hidden duplicates can drain your company
But automation's here to save the day
Four simple rules will keep the fraudsters at bay
[Chorus]
Same vendor, same amount, check the days between
Same vendor, same invoice, catch what can't be seen
Same amount, different vendor, split-scheme on the prowl
Same employee, different periods, automated controls now
Duplicate detection, highest ROI around
Easy implementation, let the system scan it down
[Verse 2]
When Johnson pays the office rent again
Three days later, same amount, same pen
The system flags it red before it's through
Two thousand dollars saved with rule number two
[Chorus]
Same vendor, same amount, check the days between
Same vendor, same invoice, catch what can't be seen
Same amount, different vendor, split-scheme on the prowl
Same employee, different periods, automated controls now
Duplicate detection, highest ROI around
Easy implementation, let the system scan it down
[Verse 3]
Invoice twelve-thirty-four from Acme Corp
Even if the amount's been changed or warped
The number stays the same, the flag goes high
No duplicate invoice will slip on by
[Bridge]
Split payments try to hide behind new names
Same amounts to different vendors playing games
And employees shifting dates from month to month
But our four rules will stop them with one punch
[Chorus]
Same vendor, same amount, check the days between
Same vendor, same invoice, catch what can't be seen
Same amount, different vendor, split-scheme on the prowl
Same employee, different periods, automated controls now
Duplicate detection, highest ROI around
Easy implementation, let the system scan it down
[Outro]
Four rules of gold in your financial fight
Automated guards working day and night
Easy to build and the returns are clear
Duplicate detection, keep your ledger clear
9. 6 Journal Entry Review
[Verse 1]
In the ledger late at night, someone's making changes
Override the rules we built, rearrange the pages
Same person posts the fix who made the first mistake
Red flags are flying high, how much more can we take?
[Chorus]
Review every entry, check the time and user
Round dollars after hours make you a flag refuser
No descriptions, vague adjustments, reversals of the past
Journal entry nightmares, catch them running fast
S-A-M-E user posting, T-I-M-E stamps telling lies
R-O-U-N-D numbers floating, V-A-G-U-E replies
[Verse 2]
Miscellaneous adjustment with no paper trail behind
Thousand-dollar entries, suspiciously aligned
Weekends and the midnight shift, when nobody's around
That's when fraudsters strike the most, without making a sound
[Chorus]
Review every entry, check the time and user
Round dollars after hours make you a flag refuser
No descriptions, vague adjustments, reversals of the past
Journal entry nightmares, catch them running fast
S-A-M-E user posting, T-I-M-E stamps telling lies
R-O-U-N-D numbers floating, V-A-G-U-E replies
[Bridge]
Platform logs with timestamps, every single move
Flag the non-owner entries, make the owners approve
After-hours gets attention, round numbers past the line
Locked periods stay protected, by our control design
[Verse 3]
Owner countersignature when it's not their hand
Threshold limits watching every dollar in the land
Closed periods are sacred, hard flags block the way
Manual journal mastery keeps the fraud at bay
[Final Chorus]
Review every entry, check the time and user
Round dollars after hours make you a flag refuser
No descriptions, vague adjustments, reversals of the past
Journal entry mastery, controls that really last
Log and flag and verify, the power's in your hands
Journal entry review, the strongest defense stands
[Outro]
Six red flags to remember, platform controls in place
Journal entry review wins the financial race
10. 7 Accounts Receivable Aging & Lapping Detection
[Verse 1]
Sarah in accounting noticed something strange today
Invoice paid in March but money came in May
Payment timing differs from the cash receipt date
This mismatch could mean fraud we need to investigate
When periods don't align between the payment and the cash
Someone might be hiding something in the financial dash
Flag these transactions, mark them with a star
Timing inconsistencies show us where the problems are
[Chorus]
Check the aging, spot the lapping
Period shifting, balances mapping
Flag the timing, flag the drops
When AR suddenly stops
Days outstanding falling fast
That improvement might not last
Aging buckets tell the tale
When the controls start to fail
[Verse 2]
Customer balance hits zero overnight
Then weeks later shows up with numbers that aren't right
Balance disappears then reappears again
This could be lapping, so let's investigate when
Mary's account went from high to zero clean
Then popped back up like nothing's been seen
This vanishing act is a warning sign
Someone's moving money down the line
[Chorus]
Check the aging, spot the lapping
Period shifting, balances mapping
Flag the timing, flag the drops
When AR suddenly stops
Days outstanding falling fast
That improvement might not last
Aging buckets tell the tale
When the controls start to fail
[Bridge]
Trend the days outstanding by each customer name
When performance improves too quick, that's the game
Sudden drops in aging days should raise a flag
Someone might be using payments like a bag
Moving cash from A to B to make things look clean
But the aging report will show what's really been seen
[Verse 3]
Build alerts for period mismatches in your code
Flag those balance swings along the audit road
Monitor the trends in days outstanding too
These three controls will see the fraud scheme through
Thirty sixty ninety day buckets in a row
When they shift too fast, that's how we'll know
Lapping schemes unravel when we watch the time
Detection through aging stops financial crime
[Chorus]
Check the aging, spot the lapping
Period shifting, balances mapping
Flag the timing, flag the drops
When AR suddenly stops
Days outstanding falling fast
That improvement might not last
Aging buckets tell the tale
When the controls start to fail
[Outro]
Three red flags to always see
Period shifts and balance spree
Trending days that fall too quick
Aging analysis does the trick
11. 8 Payroll Audit Controls
[Verse 1]
Every month the numbers flow, paychecks ready, set to go
But before we hit that final send, audit controls must be our friend
Count the heads upon the floor, match the payroll, nothing more
Active workers on the list, not a single soul gets missed
[Chorus]
Eight controls to keep us straight, payroll fraud we'll terminate
Head count, ghosts, and direct pay, rate changes in the light of day
Off-cycle runs and benefit trails, proper records never fail
Eight controls to keep us straight, payroll fraud we terminate
[Verse 2]
Ghost employees haunt the books, phantom workers, take a look
No benefits upon their name, no reviews, it's quite a shame
No timesheets but still they're paid, red flags rising, don't be swayed
HR activity is the key, real employees we must see
[Chorus]
Eight controls to keep us straight, payroll fraud we'll terminate
Head count, ghosts, and direct pay, rate changes in the light of day
Off-cycle runs and benefit trails, proper records never fail
Eight controls to keep us straight, payroll fraud we terminate
[Verse 3]
Cash equivalent in their hand, direct deposit is our plan
Flag the workers paid in cash, fraud risk rising, move too fast
Pay rate jumping ten percent, where's the HR document
Changes need approval clear, proper records we hold dear
[Bridge]
Off-cycle payroll runs appear, special payments, look with care
Every penny must align, documentation by design
Benefits and reviews in place, ghost detection shows its face
[Chorus]
Eight controls to keep us straight, payroll fraud we'll terminate
Head count, ghosts, and direct pay, rate changes in the light of day
Off-cycle runs and benefit trails, proper records never fail
Eight controls to keep us straight, payroll fraud we terminate
[Outro]
Reconcile and verify, every worker, you and I
Eight strong controls guard the gate, payroll integrity is great
12. 1 Rule-Based Alerts (Tier 1)
[Verse 1]
When the same vendor sends the same amount twice
Within ninety days, that's not rolling dice
Duplicate invoices trigger our first alert
Round numbers over five hundred make us more alert
If it ends in zeros, question what you see
These deterministic rules protect our company
[Chorus]
Rule-based alerts, they're black and white
Either they trigger or they don't tonight
Tier one controls watching every flow
Ten simple rules that we need to know
Duplicate, round, new vendor too
Address matching, routing changes new
Rule-based alerts keeping fraud at bay
Deterministic guards work night and day
[Verse 2]
New vendor payments when they're under thirty days
Vendor addresses matching employee ways
When routing numbers change without approval clear
Bank account switches should ring alarm bells here
[Chorus]
Rule-based alerts, they're black and white
Either they trigger or they don't tonight
Tier one controls watching every flow
Ten simple rules that we need to know
Duplicate, round, new vendor too
Address matching, routing changes new
Rule-based alerts keeping fraud at bay
Deterministic guards work night and day
[Verse 3]
Off-cycle payroll running out of time
After-hours journal entries past the nine
Ten PM to six AM raises red flags high
Closed period changes make the systems cry
[Bridge]
Reconciliation overrides
Check sequence gaps we cannot hide
Manual changes to auto-matched
These rules ensure that fraud gets caught
[Chorus]
Rule-based alerts, they're black and white
Either they trigger or they don't tonight
Tier one controls watching every flow
Ten simple rules that we need to know
Duplicate, round, new vendor too
Address matching, routing changes new
Rule-based alerts keeping fraud at bay
Deterministic guards work night and day
[Outro]
Ten rules standing guard so true
Financial controls protecting you
Either triggered or they're not
Rule-based systems hit the spot
13. 2 Statistical Anomaly Detection (Tier 2)
[Verse 1]
When the numbers start to whisper secrets in the night
Statistical anomalies hiding from plain sight
We need more than just a snapshot, need the history to show
Baseline patterns tell the story of the fraudulent flow
[Chorus]
Benford's Law with chi-square testing
First digits never lie
Vendor spend trends are investing
Fifty percent makes us cry
Expense ratios we're detecting
Industry norms as our guide
Revenue per transaction
Payroll creeping up the side
[Verse 2]
Leading digits follow nature, one appears the most
Benford's distribution catches when the books are ghost
Chi-square test will prove the pattern, fraudsters don't obey
Mathematical laws of nature give their crimes away
[Chorus]
Benford's Law with chi-square testing
First digits never lie
Vendor spend trends are investing
Fifty percent makes us cry
Expense ratios we're detecting
Industry norms as our guide
Revenue per transaction
Payroll creeping up the side
[Verse 3]
Vendors spending fifty percent more than last year's take
Without a purchase order, that's a red flag we can't fake
Expense categories climbing way above the industry line
Average transaction values showing a declining sign
[Bridge]
AR lapping signals dancing
Customer balance rotation
Payroll as percentage rising
Revenue manipulation
Data history is the foundation
Baselines show the deviation
[Chorus]
Benford's Law with chi-square testing
First digits never lie
Vendor spend trends are investing
Fifty percent makes us cry
Expense ratios we're detecting
Industry norms as our guide
Revenue per transaction
Payroll creeping up the side
[Outro]
Six anomalies detecting
Tier two controls protecting
History-based reflecting
Financial fraud rejecting
14. 3 Relationship Graph Controls (Tier 3 — Advanced)
[Verse 1]
When vendors hide behind familiar names
Check their contact info against your claims
Match the phone numbers, addresses too
Email domains that look like someone you knew
Employee records hold the smoking gun
Are you paying staff through vendor runs?
[Chorus]
Link the vendors, detect relations
Network analysis across all stations
Fingerprint the source, trace the connection
Three-tier controls need your protection
Match and flag and analyze the flow
Hidden relationships you need to know
[Verse 2]
Related parties share the same address
Common ownership creates this mess
Principals hiding in the company tree
Shared locations are the master key
Flag the payments when the dots connect
These connections you must not neglect
[Chorus]
Link the vendors, detect relations
Network analysis across all stations
Fingerprint the source, trace the connection
Three-tier controls need your protection
Match and flag and analyze the flow
Hidden relationships you need to know
[Verse 3]
Vendor networks share their bank accounts
Phone numbers linking when you make the counts
Same financial footprints leave a trail
Cross-reference data, you will not fail
Multiple vendors, single banking source
Red flag rising, time to change the course
[Bridge]
IP addresses tell their story
Device fingerprints reveal the glory
Employee laptops submitting bills
Vendor invoices from corporate skills
Same location, different name
But the digital signature's just the same
[Chorus]
Link the vendors, detect relations
Network analysis across all stations
Fingerprint the source, trace the connection
Three-tier controls need your protection
Match and flag and analyze the flow
Hidden relationships you need to know
[Outro]
Entity resolution across the board
Contact matching is your mighty sword
Related parties cannot hide away
Network analysis saves the day
15. Phase 1 — Foundation Controls (MVP, months 1–3)
[Verse 1]
Connect your bank feeds, let the data flow
Plaid and Finicity make transactions show
Auto-import streaming, no more manual entry
Three months to build your foundation century
Every dollar tracked from source to ledger line
Phase one controls keep your books in time
[Chorus]
B-A-R-D-L-R, foundation controls we are
Bank feeds, Access, Reconcile, Duplicates, Lock, Review
B-A-R-D-L-R, these six will take you far
Build your MVP with controls that see you through
[Verse 2]
Role-based access, owner holds the key
Approval workflows set your people free
Who can see the books, who can make a change
Permission levels keep your data arranged
Every user action needs the proper gate
Foundation security, never leave to fate
[Chorus]
B-A-R-D-L-R, foundation controls we are
Bank feeds, Access, Reconcile, Duplicates, Lock, Review
B-A-R-D-L-R, these six will take you far
Build your MVP with controls that see you through
[Verse 3]
Duplicate detection stops the double pay
Same vendor, same amount, flags the risky way
Match by name and address, clean your vendor file
Deduplicate masters, organize with style
No more paying twice for services you need
Smart controls prevent the costly deed
[Bridge]
Lock those periods when the month is done
Journal entry audit trails for everyone
Reconcile with aging on unmatched items
Control your close process, no more problems
[Verse 4]
Three months to implement, foundation phase complete
Bank feeds automated, duplicate defeat
Roles and locks in place, reconciliation tight
Vendor masters clean, everything's just right
MVP controls provide the solid base
For complex systems you'll eventually face
[Chorus]
B-A-R-D-L-R, foundation controls we are
Bank feeds, Access, Reconcile, Duplicates, Lock, Review
B-A-R-D-L-R, these six will take you far
Build your MVP with controls that see you through
[Outro]
Phase one foundation, built to last and grow
Financial controls, the bedrock that you know
16. Phase 2 — Anomaly Engine (months 4–8)
[Verse 1]
In the fourth month we turn detective mode
Building engines that will crack the code
Benford's Law says ones appear the most
Thirty percent should be our leading host
When invoices don't follow nature's way
That's a red flag at the end of the day
[Chorus]
Anomaly engine running through the night
Catching what's wrong, bringing truth to light
Round numbers, gaps, and duplicate claims
After hours work and payroll games
Six detection methods working as a team
Nothing gets past our forensic machine
[Verse 2]
After hours when the office sleeps
Off-cycle transactions, secrets it keeps
Legitimate business happens nine to five
Suspicious patterns help fraud come alive
Flag those entries logged at two AM
Question why they're outside normal rhythm
[Chorus]
Anomaly engine running through the night
Catching what's wrong, bringing truth to light
Round numbers, gaps, and duplicate claims
After hours work and payroll games
Six detection methods working as a team
Nothing gets past our forensic machine
[Verse 3]
Round numbers make the fraudster lazy
Fifty thousand, hundred thousand, crazy
Real expenses end in random digits
Round amounts should trigger audit visits
People don't spend exactly ten grand flat
Natural variation's where the truth is at
[Bridge]
Count the heads against the payroll list
Ghost employees shouldn't exist
Check sequences should flow in line
Missing numbers are a warning sign
When Jimmy claims the same receipt twice
Duplicate detection pays the price
[Chorus]
Anomaly engine running through the night
Catching what's wrong, bringing truth to light
Round numbers, gaps, and duplicate claims
After hours work and payroll games
Six detection methods working as a team
Nothing gets past our forensic machine
[Outro]
Months four through eight we build the wall
Six detection systems catch them all
From Benford's patterns to sequence breaks
Your anomaly engine never mistakes
17. Phase 3 — Intelligence Layer (months 9–18)
[Verse 1]
In months nine through eighteen, we build the intelligence layer
Connecting dots between vendors and employees as players
Graph relationships mapping every transaction flow
Who talks to whom, and what the patterns show
[Chorus]
Intelligence rising, patterns we're finding
AR lapping, revenue mapping, fraud scores aligning
Red light, yellow light, green light we go
Dashboard traffic lights help executives know
Graph it, map it, score it, show it
Intelligence layer, now we really know it
[Verse 2]
Accounts receivable lapping, payments shifting around
Customer A pays for B, but the cash can't be found
Detection algorithms scanning every payment trail
When timing doesn't match up, red flags never fail
[Chorus]
Intelligence rising, patterns we're finding
AR lapping, revenue mapping, fraud scores aligning
Red light, yellow light, green light we go
Dashboard traffic lights help executives know
Graph it, map it, score it, show it
Intelligence layer, now we really know it
[Verse 3]
Revenue per transaction, trending month by month
If numbers look too smooth or show a sudden jump
Predictive scoring engines rate each vendor's risk
Employee-vendor pairs that make the system's alarm list
[Bridge]
External validation, IRS EIN check
Cross-reference databases, what do we expect
Traffic light dashboard for the C-suite view
Green means all clear, red means review
[Chorus]
Intelligence rising, patterns we're finding
AR lapping, revenue mapping, fraud scores aligning
Red light, yellow light, green light we go
Dashboard traffic lights help executives know
Graph it, map it, score it, show it
Intelligence layer, now we really know it
[Outro]
Phase three complete, intelligence in place
Financial fraud detection at executive pace
18. The 10 Things Owners Must Do (Regardless of Platform)
[Verse 1]
Don't just trust the reconciliation sheet
Read your bank statements line by line complete
Every transaction tells a story true
Financial control starts with what you do
When vendors knock upon your business door
Never let one person handle the whole score
Approve each new name before they're in the game
Separation of duties is the claim to fame
[Chorus]
Ten things owners must do, can't delegate away
Review, approve, require - that's the owner's way
Trust but verify, rotate and supervise
Financial control through your watchful eyes
[Verse 2]
Payroll day is coming, do you know your count
Every single employee, every last amount
Credit cards are swiping, charges here and there
Line by line inspection shows you really care
Bank statements in the mail should come to you direct
Not filtered through the books, that's what fraudsters expect
Dual approval threshold, set the limit right
Two signatures required keeps your money tight
[Chorus]
Ten things owners must do, can't delegate away
Review, approve, require - that's the owner's way
Trust but verify, rotate and supervise
Financial control through your watchful eyes
[Bridge]
Make them take vacation, fraud needs constant care
Two weeks away from books will show what's really there
Know your key ratios, the numbers tell the tale
Gross margin, payroll percent, before the ship sets sail
[Verse 3]
Rotate your bookkeepers or audit every year
Fresh eyes on the ledger make the truth appear
Mini-audits cost less than the lawyer's fee
Prevention beats litigation, can't you see
[Final Chorus]
Ten things owners must do, the power's in your hands
Review, approve, require, take your final stands
Trust but verify, it's your business to protect
Financial mastery through diligent respect
[Outro]
From bank statements to ratios, the owner leads the way
Financial control mastery, each and every day
19. Relevant Standards
[Verse 1]
When building systems that handle the cash
You need a framework that's built to last
COSO's five components show the way
Control environment starts the day
Risk assessment comes next in line
Control activities by design
Information flows and monitoring too
Internal controls will see you through
[Chorus]
Standards guide us, keep us right
COSO, SOC, and GAAP in sight
Privacy rules and license laws
Financial controls without a flaw
C-O-S-O framework strong
A-I-C-P-A keeps us on track along
Document, verify, comply each day
Standards show us the proper way
[Verse 2]
SOC 1 reports on controls that matter
When financial data could scatter
Type 1 shows the design today
Type 2 proves they work that way
If your platform touches revenue streams
SOC 1 compliance fulfills the dreams
Auditors need to see the proof
Your controls provide the truth
[Chorus]
Standards guide us, keep us right
COSO, SOC, and GAAP in sight
Privacy rules and license laws
Financial controls without a flaw
C-O-S-O framework strong
A-I-C-P-A keeps us on track along
Document, verify, comply each day
Standards show us the proper way
[Verse 3]
IRS wants substantiation clear
Receipts and records must appear
Business expenses need their proof
Documentation is the roof
GAAP principles standardize the books
GAAS tells auditors where to look
Generally accepted, widely known
These standards help your business grown
[Bridge]
But watch your boundaries, know your place
Don't give tax advice without the base
State CPA licensing draws the line
Keep your platform's role defined
PIPEDA guards Canadian data tight
CCPA gives California rights
Privacy matters when money's involved
These regulations must be solved
[Chorus]
Standards guide us, keep us right
COSO, SOC, and GAAP in sight
Privacy rules and license laws
Financial controls without a flaw
C-O-S-O framework strong
A-I-C-P-A keeps us on track along
Document, verify, comply each day
Standards show us the proper way
[Outro]
Six standards strong will guide your path
Financial controls that truly last
Build your platform on solid ground
Where compliance can be found
Back to Home