1. Create a policy to stop terminated employees’ computer user access – and make sure responsibilities are clear.
Every dealer should have a policy that immediately stops all terminated employees’ access to the organization’s network. Without such a policy, former employees potentially can access the computer systems to transfer funds, destroy files, plant malware, or pull customers’ and employees’ confidential information. However, even when policies are in place, dealers can’t assume they are being executed. For example, Crowe has observed circumstances where such a policy was in place, but annual testing revealed that the employee responsible for terminating access was unaware of this responsibility. As a result, approximately 20 former employees continued to have access to the dealer’s systems. 
2. Pay attention to off-hours access to systems.
When systems are being accessed late at night, on weekends, or on holidays, this activity might be an indication of mischievous behavior. Dealers should generate reports of off-hour access and follow up with any individuals who are using the system at unusual times.  
3. Establish formal general journal entry policies.
General journal entries are a common vehicle for hiding fraud. To reduce their risk, create formal general journal entry policies to: 
    - Limit general journal entries to corrections, write-offs, and unusual items.  
- Properly document general journal entries on a journal voucher.
- Segregate the preparation, review, and recording of general journal entries among different employees, and limit the number of employees with access to the general journal. 
- Review the general journal monthly to confirm that each entry is supported by a journal voucher and that each journal voucher is accounted for in the general journal. This is important enough that it should be performed and documented by someone who cannot generate journal entries.  
- Limit access to the general journal to only those individuals approved to record general journal entries.  
- Prohibit the recording of corrections and write-offs through nonadjusting journal entry sources such as cash disbursements, cash receipts, or vehicle sales.  
- Regularly review and adjust the list of users with access to the general journal.  
- Generate reports to facilitate review of the general journal. 
4. Don’t assume all finance and insurance chargebacks are accurate.  
The organization should have a policy to verify that the associated contracts are indeed the organization’s and that the amounts charged are properly calculated, particularly for larger amounts.  
5. Monitor repair order discounts.  
Service writers giving customers discounts without proper approval or documentation cuts into dealers’ margins. The organization should have a policy to monitor discounts by generating reports of repair orders (ROs) with discounts from the dealer management systems, selecting a sample, and checking for coupons or manager approval.
6. Examine open ROs regularly. 
Lingering open ROs are another troubling sign. Organizations should establish processes to pull their open RO lists, determine why the ROs remain open, and address any process issues. 
7. Review policy adjustments.  
Policy adjustments can eat into a dealer’s bottom line. Managers should be responsible for making sure policy adjustments are approved, and organizations should have processes in place to select samples of policy adjustments to verify manager approval, determine the reason, and make any necessary changes. 
8. Develop policies for successful warranty claims.
Even if eventually reversed, warranty claim rejections can impede cash flow and require additional administrative time. Though rejections happen, companies should create processes to help mitigate those rejections. Also, organizations should review rejections to determine what went wrong (coding errors, for example) and alter policies accordingly.
9. Document overtime pay.
Overtime compensation adds up quickly, so organizations should have a policy to review any overtime pay for documentation of manager approval and justification. For dealers that have implemented a 37.5-hour workweek, every employee could work an extra 2.5 hours without the dealer incurring any overtime obligations (note that wage and overtime laws vary by state).
10. Look at voided cash receipts.  
Cash receipts are a higher-risk area, and proper segregation of duties in the cashier function, or any function involving cash, is essential. A cashier could receive a cash deposit, for example, void the receipt, and keep the cash. The organization should generate a voided cash receipts list each month to determine the reason for voiding and verify manager approval.
11. Pull samples of purchase orders.  
Purchase orders are basically blank checks if not properly completed. To prevent misappropriation, each purchase order should be completed with a dollar amount and manager approval. Organizations should pull samples to review for completeness and approval and should restrict access to purchase orders.
12. Make a vendor list.  
Dealers should establish an approved vendor list for all purchases and review payments to see if any are being made to unapproved vendors. Unapproved vendors could be fictitious, be in collusion with a fraudster employee, or have uncompetitive pricing.
13. Spot-check as part of parts testing.  
If a dealership uses a perpetual inventory system – and all dealerships should – the quantity in the system should exactly match the quantity on the shelf. The organization should not rely on just an annual physical inventory to confirm quantities. Someone independent of the parts department should conduct periodic spot checks on high-dollar items that can easily disappear, such as sound systems and tire rims.