Fraud Prevention at Scale: DSO Internal Controls

With one location, you might notice something wrong. With fifty locations, fraud can hide for years. The control structure that works at scale is different from what works for a single practice.
📚 Part of our DSO series: This article is part of The DSO Financial Operations Playbook, our comprehensive guide to building scalable financial operations across multiple dental practice locations.
The Scale Problem for Fraud Prevention
Single-practice fraud prevention often relies on the owner's presence and attention. The doctor knows the staff, sees the daily activity, and notices when something feels wrong. Intuition and proximity serve as informal controls that catch problems before they escalate.
That model breaks completely at scale. DSO executives cannot be present at every location, cannot know every employee personally, and cannot see every transaction. Distance creates opportunity for fraud that would never survive in a closely watched single practice.
DSOs need control structures that work without constant executive presence. They need systems that detect anomalies automatically, deter bad actors through visible verification, and catch problems before they become crises that threaten the entire organization. Building this capability requires understanding the specific fraud schemes that thrive at scale and designing controls that address them systematically.
Common Fraud Schemes That Exploit Scale
Cash and payment theft represents the most direct form of fraud in dental practices. Common schemes include skimming cash before recording it in the system, recording cash as a different payment type to obscure the theft, pocketing cash and adjusting patient balances to hide the discrepancy, and stealing checks before they reach the deposit. These schemes work at scale because local oversight is absent, cash handling often falls to a single person without verification, reconciliation is not independently verified, and long-term employees accumulate trust that reduces scrutiny. The scale of impact typically ranges from five thousand to fifty thousand dollars or more per location before detection.
Insurance payment diversion redirects payments that should go to the practice. Schemes include changing EFT enrollment to direct funds to a personal account, forging endorsements on insurance checks, posting payments and then reversing them after capturing the funds, and creating fake insurance payments to offset stolen cash. These schemes work at scale because insurance processes are inherently complex, multiple payers obscure patterns that might be obvious with fewer carriers, EFT changes are not monitored closely, and ERA-to-deposit reconciliation is often weak or nonexistent. The scale of impact can be very large because insurance payments represent significant dollar amounts.
Adjustment abuse uses the legitimate adjustment function to hide theft. Schemes include writing off patient balances after stealing their payment, creating adjustments to offset stolen funds, manipulating insurance adjustments to pocket the difference, and rounding down payments while keeping the difference. These schemes work at scale because adjustments are routine and expected, high transaction volume obscures suspicious patterns, documentation requirements are often weak, and review is typically limited to transactions above dollar thresholds that fraudsters learn to avoid. The scale of impact is difficult to quantify because these schemes can continue undetected for years.
Vendor and expense fraud creates fictitious expenses or extracts kickbacks from real vendors. Schemes include setting up fake vendors that receive payments, accepting kickbacks from real vendors in exchange for business, running personal expenses through business accounts, and creating inflated invoices with personal rebates. These schemes work at scale because purchasing is decentralized to locations, invoice approval processes are weak, vendor setup lacks adequate controls, and expense patterns are not analyzed across the organization. The scale of impact can be substantial, especially in supply-heavy practices.
Payroll fraud manipulates compensation systems. Schemes include creating ghost employees who receive paychecks, authorizing overtime without legitimate basis, processing unauthorized raises, and falsifying time records. These schemes work at scale because location managers control local schedules, time tracking is not independently verified, payroll is processed centrally without local knowledge to catch anomalies, and headcount is not physically verified against payroll records. The scale of impact represents ongoing losses that continue until someone detects the discrepancy.
Building a Control Framework That Scales
Preventive controls stop fraud before it happens. Segregation of duties ensures that different people handle different parts of transactions, preventing any single person from controlling an entire process from initiation through completion. Authorization requirements establish approval thresholds for significant transactions, require dual signatures for large items, and route key changes through corporate approval rather than local discretion. Access controls limit system access by role, restrict sensitive functions to appropriate personnel, and require regular review of access rights.
Implementing preventive controls at scale requires standard role definitions that apply consistently across all locations, technology-enforced restrictions that cannot be circumvented locally, and central control of high-risk functions like EFT changes and vendor setup.
Detective controls identify fraud that occurs despite preventive measures. Reconciliation includes daily deposit verification, bank-to-PMS matching, credit card batch comparison, and variance investigation. Monitoring encompasses transaction pattern analysis, adjustment trending over time, exception reporting for anomalies, and benchmark comparison across locations. Auditing involves surprise cash counts, periodic location audits, sample transaction testing, and control compliance verification.
Implementing detective controls at scale requires automated reconciliation that does not depend on location cooperation, centralized monitoring dashboards that provide visibility across all locations, exception-based attention that focuses resources on problems rather than reviewing everything, and risk-based audit scheduling that directs audit effort where it matters most.
Corrective controls respond appropriately when fraud is detected. Investigation procedures should follow a standard protocol that preserves evidence, involves legal and HR appropriately, and documents everything thoroughly. Recovery processes include insurance claims, legal action where warranted, and restitution requirements. System improvements should follow every fraud incident through root cause analysis, control enhancements, and communication of lessons learned across the organization.
Implementing Controls Across Multiple Locations
Centralizing high-risk functions moves sensitive activities to corporate where they can be controlled more effectively. Functions that should be centralized include bank account changes, EFT enrollment and modifications, vendor master file maintenance, employee master file maintenance, and credit card merchant setup. Centralization provides separation from location staff who might be compromised, specialized expertise in handling these functions, consistent processes across all locations, and better oversight of activity.
Implementation requires clear handoff procedures so locations know how to request changes, response time commitments so centralization does not create operational bottlenecks, escalation paths for urgent situations, and documentation requirements that create audit trails.
Automating reconciliation replaces manual processes with systems that verify independently. Automated reconciliation provides daily verification without requiring location involvement, uses independent data sources like bank feeds and PMS exports, applies rules consistently without human judgment or fatigue, and flags exceptions for investigation rather than requiring review of every transaction.
Key automations include bank deposit matching, credit card batch verification, insurance EFT tracking, and adjustment monitoring. The scale benefit is significant because the same level of verification applies across all locations without proportional increases in headcount.
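The bank deposit matching described above, as an added sketch that is not Zeldent's code: it totals what each location recorded in the PMS per day, compares that to what the bank feed shows, and emits only exceptions. The record layouts, location IDs and same-day matching rule are assumptions made for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: PMS day-sheet export (what locations recorded)
# and bank feed (what actually arrived). Field layouts are assumptions.
PMS_EXPORT = [
    ("LOC-01", "2024-03-04", "cash", "420.00"),
    ("LOC-01", "2024-03-04", "check", "1310.50"),
    ("LOC-02", "2024-03-04", "cash", "385.00"),
    ("LOC-02", "2024-03-04", "check", "900.00"),
    ("LOC-03", "2024-03-04", "cash", "150.00"),
]
BANK_FEED = [
    ("LOC-01", "2024-03-04", "1730.50"),
    ("LOC-02", "2024-03-04", "1085.00"),  # 200.00 short of the PMS total
    ("LOC-04", "2024-03-04", "75.00"),    # deposit with no PMS record
]

def reconcile(pms_rows, bank_rows, tolerance=Decimal("0.00")):
    """Compare PMS-recorded deposits to bank deposits per location and day.

    Returns a sorted list of exceptions; matched days produce nothing, so
    reviewers only see items that need investigation.
    """
    expected = defaultdict(Decimal)
    for loc, day, _payment_type, amount in pms_rows:
        expected[(loc, day)] += Decimal(amount)
    received = defaultdict(Decimal)
    for loc, day, amount in bank_rows:
        received[(loc, day)] += Decimal(amount)

    exceptions = []
    for key in sorted(set(expected) | set(received)):
        loc, day = key
        if key not in received:
            exceptions.append((loc, day, "MISSING_DEPOSIT", expected[key]))
        elif key not in expected:
            exceptions.append((loc, day, "UNRECORDED_DEPOSIT", received[key]))
        else:
            variance = received[key] - expected[key]
            if abs(variance) > tolerance:
                exceptions.append((loc, day, "VARIANCE", variance))
    return exceptions

if __name__ == "__main__":
    for exc in reconcile(PMS_EXPORT, BANK_FEED):
        print(*exc)
```

Real deposits often clear one or more business days after the day sheet closes, so a production matcher needs a settlement window rather than the same-day key used here.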
Implementing exception-based monitoring focuses attention on anomalies rather than attempting to review everything. Exception categories include reconciliation variances, unusual adjustment patterns, deviations from historical trends, and threshold breaches. Alerting should be real-time for critical items, daily digest format for routine exceptions, weekly summary for trend analysis, and aging reports for items that remain unresolved.
Response to exceptions requires clear ownership for each exception type so nothing falls through the cracks, required investigation timelines so issues do not age indefinitely, documentation of resolution, and escalation for items that remain unresolved past their deadline.
Risk-based auditing directs audit effort where risk is highest. Risk factors include time since the last audit, indicators of control weakness, financial performance anomalies compared to peers, history of complaints or tips, and manager tenure and stability. Audit frequency should be quarterly for high-risk locations, semi-annual for medium-risk locations, and annual for lower-risk locations, plus random surprise audits that can hit any location at any time.
Audit procedures should include cash counts, deposit verification, adjustment sampling, process observation, and staff interviews that can surface concerns that do not appear in data.
Technology That Enables Scalable Fraud Prevention
Automated reconciliation systems form the foundation of scalable fraud detection. Required capabilities include automated data collection from all relevant sources, matching algorithms that identify discrepancies, exception workflows that route items for investigation, and audit trails that document everything. Benefits include consistent verification everywhere, early detection of variances before they compound, independence from location staff who might be compromised, and scaling with location count without proportional cost increases.
Analytics and pattern detection identify fraud through data analysis. Analytics to implement include adjustment trending by location, collection rate deviation detection, cash percentage analysis, and comparison to benchmarks. Pattern detection looks for unusual sequences of transactions, round-number patterns that suggest manual manipulation, timing anomalies, and concentration of activity with specific individuals.
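An added example (not from the original article) of three of these checks applied to adjustment data: benchmark comparison across locations, concentration of activity with one individual, and clustering just under the review threshold that the adjustment-abuse section says fraudsters learn to avoid. The review threshold, the cutoffs (3.5, 80%, 50%) and all sample data are assumptions chosen for illustration.

```python
from statistics import median

REVIEW_THRESHOLD = 500.0  # assumed policy: adjustments >= this get manual review

# Constructed sample data: adjustments as (user, amount) and monthly collections.
ADJUSTMENTS = {
    "LOC-01": [("ana", 37.20), ("ben", 112.45), ("cy", 64.10), ("ana", 18.75)],
    "LOC-02": [("dee", 41.00), ("eli", 95.30), ("dee", 23.15), ("fay", 77.80)],
    "LOC-03": [("gus", 52.60), ("hal", 88.90), ("ivy", 30.25), ("gus", 61.40)],
    "LOC-04": [("jo", 450.00), ("jo", 495.00), ("jo", 480.00), ("kim", 35.50)],
    "LOC-05": [("lee", 45.10), ("max", 70.35), ("lee", 99.20), ("nia", 28.40)],
}
COLLECTIONS = {"LOC-01": 10000, "LOC-02": 12000, "LOC-03": 9000,
               "LOC-04": 11000, "LOC-05": 10500}

def peer_outliers(rates, cutoff=3.5):
    """Locations whose rate sits far above the peer median (robust z-score)."""
    med = median(rates.values())
    mad = median(abs(r - med) for r in rates.values())
    if mad == 0:  # at least half the peers equal the median: flag anything above
        return {loc for loc, r in rates.items() if r > med}
    return {loc for loc, r in rates.items() if 0.6745 * (r - med) / mad > cutoff}

def flag_locations(adjustments, collections, threshold=REVIEW_THRESHOLD):
    """Return {location: [reason, ...]} for locations needing investigation."""
    rates = {loc: sum(a for _, a in rows) / collections[loc]
             for loc, rows in adjustments.items()}
    high = peer_outliers(rates)
    flags = {}
    for loc, rows in adjustments.items():
        reasons = []
        if loc in high:
            reasons.append("ADJUSTMENT_RATE_ABOVE_PEERS")
        total = sum(a for _, a in rows)
        by_user = {}
        for user, amt in rows:
            by_user[user] = by_user.get(user, 0.0) + amt
        if total and max(by_user.values()) / total >= 0.80:
            reasons.append("CONCENTRATED_IN_ONE_USER")
        near = [a for _, a in rows if 0.9 * threshold <= a < threshold]
        if rows and len(near) >= 0.5 * len(rows):
            reasons.append("CLUSTERED_BELOW_REVIEW_THRESHOLD")
        if reasons:
            flags[loc] = reasons
    return flags

if __name__ == "__main__":
    print(flag_locations(ADJUSTMENTS, COLLECTIONS))
```

The median and MAD are used instead of mean and standard deviation so that one extreme location cannot inflate the benchmark and hide itself. A location with a single person posting adjustments will always trip the concentration rule, so treat that flag as a prompt to check segregation of duties, not as proof of theft.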
Access management systems control who can do what across the organization. Required capabilities include role-based access control, audit logging of all activity, regular access review and certification, and privileged access management for sensitive functions.
Tip and complaint systems enable reporting of concerns by employees who observe problems. Required components include an anonymous hotline option, clear reporting procedures, a non-retaliation policy that employees trust, and an investigation protocol that ensures tips are followed up appropriately. At scale, this means a centralized hotline with standard investigation procedures that apply across all locations.
Organizational Elements That Support Controls
Clear accountability defines who is responsible for what at each level of the organization. At the location level, the office manager is accountable for control compliance, with clear expectations documented, performance evaluation including control compliance, and consequences for violations. At the regional level, regional leaders oversee location controls, audit results factor into their evaluation, and they serve as the escalation point for serious issues. At the corporate level, responsibility includes control design and monitoring, investigation of serious matters, and ownership of systems and policies.
Culture of control builds fraud awareness into the organizational culture. Elements include training on fraud risks so employees understand what to watch for, communication of expectations so standards are clear, visible consequences for violations so deterrence is credible, and recognition for ethical behavior so the right actions are reinforced. The messaging matters greatly here. Controls should be positioned as professional practice that protects everyone, not as accusations of wrongdoing. Verification exists because it is good business practice, not because leadership distrusts the staff.
Competent personnel means staffing financial roles appropriately at every level. At locations, this means background checks for anyone in financial roles, training on control procedures, and clear expectations for behavior. At corporate, this means professional finance staff, audit expertise, and investigation capability when problems arise.
Responding When Fraud Is Suspected
Immediate steps when fraud is suspected include preserving evidence before anything can be altered or destroyed, securing access by considering suspension of system access for suspected individuals, involving appropriate parties including HR, legal, and executive leadership, and documenting everything from the moment suspicion arises.
Equally important is knowing what not to do. Do not confront the suspect prematurely before evidence is secured. Do not discuss the situation with other staff who might alert the suspect. Do not destroy or alter any evidence, even inadvertently. Do not ignore or minimize concerns that seem credible.
The standard investigation process begins with assembling an investigation team with appropriate expertise, defining scope and timeline, collecting and analyzing evidence, interviewing relevant parties, documenting findings thoroughly, and determining the appropriate response based on what the evidence shows. Documentation should include an investigation memo summarizing the matter, an evidence inventory, interview summaries, and a conclusion with the basis for that conclusion clearly explained.
After the investigation, if fraud is confirmed, appropriate responses include employment action as warranted by the circumstances, consideration of legal action to recover losses, filing an insurance claim if coverage applies, improving controls to prevent recurrence, and communicating appropriately within the organization. If fraud is not confirmed, the investigation should still be documented, any control weaknesses discovered should be addressed, and monitoring should continue going forward.
Measuring Whether Controls Actually Work
Control metrics that should be tracked include reconciliation completion rate, exception resolution time, audit finding trends over time, fraud losses detected, and hotline activity levels.
Testing and validation should include regular control compliance testing to verify that controls operate as designed, penetration testing for access controls, and trending of audit results over time.
Continuous improvement should be driven by fraud trends both internal and across the industry, audit findings that reveal weaknesses, control failures that indicate design problems, new fraud schemes that emerge, and technology advances that enable better detection.


