Fraud Prevention at Scale: DSO Internal Controls

With one location, you might notice something wrong. With fifty locations, fraud can hide for years. The control structure that works at scale is different from what works for a single practice.

The Scale Problem for Fraud Prevention

Single-practice fraud prevention often relies on the owner's presence and attention. The doctor knows the staff, sees the daily activity, and notices when something feels wrong.

That model breaks at scale. DSO executives cannot be present at every location. They cannot know every employee. They cannot see every transaction. Distance creates opportunity for fraud.

DSOs need control structures that work without constant executive presence. They need systems that detect anomalies, deter bad actors, and catch problems before they become crises.

This guide covers how to build fraud prevention that scales.

Common DSO Fraud Schemes

Cash and Payment Theft

The most direct form of theft.

Schemes:

• Skimming cash before recording
• Recording cash as different payment type
• Pocketing cash and adjusting patient balance
• Stealing checks before deposit

Why it works at scale:

• No local oversight
• Cash handled by one person
• Reconciliation not verified
• Trust in long-term employees

Scale of impact: $5,000-$50,000+ per location before detection.

Insurance Payment Diversion

Redirecting insurance payments.

Schemes:

• Changing EFT to personal account
• Forging endorsements on checks
• Posting payment then reversing
• Creating fake insurance payments

Why it works at scale:

• Insurance processes are complex
• Multiple payers obscure patterns
• EFT changes not monitored
• ERA-to-deposit reconciliation weak

Scale of impact: Can be very large, as insurance payments are significant.

Adjustment Abuse

Using adjustments to hide theft.

Schemes:

• Write off balance after stealing payment
• Create adjustment to offset stolen funds
• Manipulate insurance adjustments
• Round down to pocket difference

Why it works at scale:

• Adjustments are routine
• Volume obscures patterns
• Documentation often weak
• Review limited to dollar thresholds

Scale of impact: Difficult to detect and can continue for years.

Vendor and Expense Fraud

Creating fictitious expenses or kickbacks.

Schemes:

• Fake vendors receiving payments
• Kickbacks from real vendors
• Personal expenses as business
• Inflated invoices with rebates

Why it works at scale:

• Purchasing decentralized
• Invoice approval weak
• Vendor setup not controlled
• Expense patterns not analyzed

Scale of impact: Can be substantial, especially in supply-heavy practices.

Payroll Fraud

Manipulating compensation.

Schemes:

• Ghost employees
• Unauthorized overtime
• Unauthorized raises
• Falsified hours

Why it works at scale:

• Location managers control schedules
• Time tracking not verified
• Payroll processed without local knowledge
• Headcount not physically verified

Scale of impact: Ongoing losses until detected.

Control Framework for Scale

Preventive Controls

Stop fraud before it happens.

Segregation of duties:

• Different people handle different parts of transactions
• No one person controls entire process
• Rotation of duties where feasible

Authorization requirements:

• Approval thresholds for transactions
• Dual signatures for large items
• Corporate approval for key changes

Access controls:

• System access limited by role
• Sensitive functions restricted
• Regular access review

At scale implementation:

• Standard role definitions across locations
• Technology-enforced restrictions
• Central control of key functions (EFT changes, vendor setup)

Detective Controls

Identify fraud that occurs.

Reconciliation:

• Daily deposit verification
• Bank-to-PMS matching
• Credit card batch comparison
• Variance investigation

Monitoring:

• Transaction pattern analysis
• Adjustment trending
• Exception reporting
• Benchmark comparison

Auditing:

• Surprise cash counts
• Periodic location audits
• Sample transaction testing
• Control compliance verification

At scale implementation:

• Automated reconciliation
• Centralized monitoring dashboards
• Exception-based attention
• Risk-based audit scheduling

Corrective Controls

Respond appropriately when fraud is found.

Investigation procedures:

• Standard investigation protocol
• Evidence preservation
• Legal/HR involvement
• Documentation requirements

Recovery processes:

• Insurance claims
• Legal action where warranted
• Restitution requirements

System improvements:

• Root cause analysis
• Control enhancements
• Communication of lessons learned

Implementing Controls at Scale

Centralize High-Risk Functions

Move sensitive functions to corporate.

Functions to centralize:

• Bank account changes
• EFT enrollment and changes
• Vendor master file maintenance
• Employee master file maintenance
• Credit card merchant setup

Benefits:

• Separation from location staff
• Specialized expertise
• Consistent processes
• Better oversight

Implementation:

• Clear handoff procedures
• Response time commitments
• Escalation paths
• Documentation requirements

Automate Reconciliation

Replace manual reconciliation with automated systems.

Automated reconciliation provides:

• Daily verification without location involvement
• Independent data sources (bank, PMS)
• Consistent application of rules
• Exception flagging for investigation

Key automations:

• Bank deposit matching
• Credit card batch verification
• Insurance EFT tracking
• Adjustment monitoring

Scale benefit: Same level of verification across all locations without proportional headcount.

Implement Exception-Based Monitoring

Focus attention on anomalies.

Exception categories:

• Reconciliation variances
• Unusual adjustment patterns
• Trend deviations
• Threshold breaches

Alerting:

• Real-time for critical items
• Daily digest for routine exceptions
• Weekly summary for trends
• Aging for unresolved items

Response:

• Clear ownership for each exception type
• Required investigation timeline
• Documentation of resolution
• Escalation for unresolved items

Conduct Risk-Based Auditing

Audit where risk is highest.

Risk factors:

• Time since last audit
• Control weakness indicators
• Financial performance anomalies
• Complaint or tip history
• Manager tenure and stability

Audit frequency:

• High risk locations: Quarterly
• Medium risk: Semi-annually
• Lower risk: Annually
• All locations: Random surprise audits

Audit procedures:

• Cash counts
• Deposit verification
• Adjustment sampling
• Process observation
• Staff interviews

Technology Enablers

Automated Reconciliation Systems

The foundation of scalable fraud detection.

Capabilities:

• Automated data collection from all sources
• Matching algorithms that identify discrepancies
• Exception workflows for investigation
• Audit trails for documentation

Benefits:

• Consistent verification everywhere
• Early detection of variances
• Independent of location staff
• Scales with location count

Analytics and Pattern Detection

Identify fraud through data analysis.

Analytics to implement:

• Adjustment trending by location
• Collection rate deviation detection
• Cash percentage analysis
• Comparison to benchmarks

Pattern detection:

• Unusual sequences of transactions
• Round-number patterns
• Timing anomalies
• Concentration of activity with specific individuals

Access Management Systems

Control who can do what.

Capabilities:

• Role-based access control
• Audit logging of all activity
• Regular access review and certification
• Privileged access management

Tip and Complaint Systems

Enable reporting of concerns.

Components:

• Anonymous hotline option
• Clear reporting procedures
• Non-retaliation policy
• Investigation protocol

At scale: Centralized hotline with standard investigation procedures.

Organizational Elements

Clear Accountability

Define who is responsible for what.

Location level:

• Office manager accountable for compliance
• Clear expectations documented
• Performance includes control compliance
• Consequences for violations

Regional level:

• Regional leaders oversee location controls
• Audit results factor into evaluation
• Escalation for serious issues

Corporate level:

• Control design and monitoring
• Investigation of serious matters
• System and policy ownership

Culture of Control

Build fraud awareness into culture.

Elements:

• Training on fraud risks
• Communication of expectations
• Visible consequence for violations
• Recognition for ethical behavior

Messaging:

• "We verify, not because we distrust, but because verification protects everyone"
• Controls as professional practice, not accusation

Competent Personnel

Staff financial roles appropriately.

At locations:

• Background checks for financial roles
• Training on control procedures
• Clear expectations for behavior

At corporate:

• Professional finance staff
• Audit expertise
• Investigation capability

Responding to Fraud

When Fraud is Suspected

Immediate steps:

1. Preserve evidence
2. Secure access (consider suspending system access)
3. Involve appropriate parties (HR, legal, executive)
4. Document everything

Do not:

• Confront the suspect prematurely
• Discuss with other staff
• Destroy or alter evidence
• Ignore or minimize

Investigation Process

Standard investigation:

1. Assemble investigation team
2. Define scope and timeline
3. Collect and analyze evidence
4. Interview relevant parties
5. Document findings
6. Determine appropriate response

Documentation:

• Investigation memo
• Evidence inventory
• Interview summaries
• Conclusion and basis

After Investigation

If fraud confirmed:

• Employment action as warranted
• Consider legal action
• File insurance claim if applicable
• Improve controls
• Communicate appropriately

If not confirmed:

• Document conclusion
• Address any control weaknesses found
• Monitor going forward

Measuring Control Effectiveness

Control Metrics

Track:

• Reconciliation completion rate
• Exception resolution time
• Audit finding trends
• Fraud losses detected
• Hotline activity

Testing and Validation

Regular testing:

• Control compliance testing
• Penetration testing for access controls
• Audit result trending

Continuous Improvement

Improve based on:

• Fraud trends (internal and industry)
• Audit findings
• Control failures
• New fraud schemes
• Technology advances

Building fraud prevention at scale? Zeldent provides the automated reconciliation foundation that makes fraud detection systematic rather than accidental. Daily verification across all locations, pattern detection, and exception alerting that catches problems before they compound. Schedule a demo to see fraud prevention that scales.