Achilles Restaurant Santa Clara

Fraud Investigation Report

AJ Collishaw, Kyla Inouye, Max Kroeger, Nick York

ACTG 150

Professor Ushman

May 23, 2019

Executive Summary

The fraud investigation began after an assignment from Professor Ushman. Achilles was

an immediate target for us as we knew they were a small business with great customer service

and owners who were very personable. We approached D, one of two co-owners, about

working with Achilles, to which he immediately accepted. After initial research on fraud within

the restaurant industry, we sat down with D on May 16th, 2019, and discussed the internal

controls in place at Achilles.

After gaining a basic understanding of the internal controls at Achilles, we met as a

group and discussed what they do well, as well as suggestions for areas of improvement. It was

obvious to us that D and Elias, the other co-owner, have a very good understanding of sound

business practices, and it shows in their internal controls.

Based on our investigation, we found their controls surrounding cash, inventory

management, revenue collections, and payroll are more than sufficient. With either D or Elias

almost always at the restaurant, it makes these controls much easier to manage, yet they still

make a concerted effort to maintain them. For the time being, almost everything they need is in

place.

However, with the goal of expansion in mind, we believe it is important to maintain

their strong controls, so we have provided several suggestions on how to do so: consider

Goodhire as an option for background checks, encourage direct deposit for employees as well

as create a positive payment match system with the bank so checks are not cleared to a fake

employee, create a code of conduct for new employees to sign, and reduce the responsibility of

the bookkeeper and have D or Elias review bank recs monthly.

1
Investigation Process

Our group selected Achilles restaurant as the organization to complete our fraud

investigation. Achilles is a quick service restaurant located in Santa Clara that serves

Mediterranean fare, with a menu offering customers delicious options such as gyros,

shawarma, and falafel. Achilles’ philosophy is to offer customers “the freshest and highest

quality ingredients, generous portions, and great tasting Mediterranean meals at affordable

great value.”1 Similar to national chain restaurants such as Chipotle and Panda Express, Achilles

offers quick-service dining. Unlike at a sit-down restaurant, servers do not collect a customer’s

payment from their table at the end of the meal and charge their bill at a computer in the back

of the restaurant. Instead, customers order, receive, and pay for their food at the counter.

In addition to being a popular spot to eat amongst our group members, Achilles was also

recognized as the ninth-best restaurant on Yelp’s “Top 100 Places to Eat in the US for 2019,”

bringing the small and relatively new business an influx of customers and positive online

reviews.2 An increase in business due to the positive press has been greatly beneficial for the

owners of Achilles, who are considering expanding their restaurant. However, as discussed later

in the “Potential Problems” and “Suggestions” sections, this may also present new

opportunities for fraud to occur as the business grows. Furthermore, according to the National

Restaurant Association, independent restaurants lose up to 5% of sales per year due to fraud

and theft, “most of which is committed by employees.”3 Because of this, we knew the potential

for fraudulent activities existed at Achilles.

1
Achilles Restaurant
2
Brenae Leary, Yelp
3
restaurantowner.com

2
 Achilles is run by a pair of co-owners: Diaa Altali, who goes by “D” and whom our group

interviewed on-site, and his partner Elias Stanon. Known by frequent and first-time customers

alike for his friendly demeanor, D spends much of his time at the restaurant and is the owner

primarily responsible for the day-to-day operations of the business. Before our group’s

scheduled interview with D on May 16th, we began the investigation process by conducting

research on the nature of small businesses and non-chain restaurants so we could better

understand Achilles’ operating environment and potential threats facing the business with

respect to fraud. We used our research to draft informed interview questions. Our research is

described below, followed by the findings from our interview with D.

Research

We began our research by investigating some of the basic internal controls that are

strongly recommended for restaurants by the public accounting firm BDO. According to BDO,

there are six categories of internal controls that are essential for restaurants to place in

operation to “help prevent and identify high-risk behaviors.”4 The first of these categories is

cash, which BDO advises: “restaurants should reconcile their daily deposit reports and compare

these reports to both what is deposited in the bank and reports from the point of sale. They

should also perform monthly bank reconciliations timely and without fail, and the person

preparing bank reconciliations should not be the individual making deposits in the bank.”5 As a

small business that commonly receives cash as a form of payment, we determined these

4
Giselle El Biri, BDO
5
El Biri

3
concerns to be extremely relevant to our investigation of Achilles, and prepared a list of

cash-related questions to ask in our interview.

The second category of internal controls that BDO advises be put in place is payroll.

Many payroll fraud schemes involve the creation of fictitious employees. Because Achilles only

has 8 employees, not including the owners, the creation of new fictitious employees by

someone within the organization is unlikely. However, we determined it is still important for

Achilles’ owners to monitor payroll records to ensure that all employees are clocking in and out

on the payroll register in accordance with their actual hours worked.

The third category of internal controls for a restaurant is software rights. BDO

encourages management to “consider an annual review of each individual’s [software] access

rights to ensure that their rights continue to fit their job responsibilities.”6 We determined it

was important to discover the various types of software used by Achilles, and each employee’s

access to that software. The fourth category of relevant internal controls concerns accounts

payable. From our research we learned that “employees in the accounts payable function can

set up new vendors, enter invoices and produce checks—and by extension, create fictitious

vendors and misappropriate cash. Responsibilities should be divided among multiple

employees wherever possible to reduce this risk.”7 Because Achilles is a small, independent

restaurant, we did not deem it likely that employees would be able to set up fictitious vendor

accounts without the owners’ knowledge. Nonetheless, we wanted to address this concern

with D in our interview, to ensure proper oversight into Achilles’ accounts payable.

6
El Biri
7
El Biri

4
 BDO’s fifth internal control category for restaurants is financial statements review. This

review includes reconciling all accounts to the general ledger, “documenting and signing off on

all manual journal entry reviews,” and implementing a balance sheet log that “assigns

responsibility for updates to one employee and reviewing entries to another.”8 From this, we

wanted to ensure we communicated to D the importance of reconciling accounts and

separating duties between employees who update and review entries. The sixth and final

category is store monitoring. BDO advises the store manager to review store invoices for

reasonableness, examine daily sales reports, ensure completeness and accuracy of inventory,

and observe store performance.9 Because these internal controls are essential to effective

operation of a restaurant and elimination of fraud, we wrote questions related to these

controls in preparation for our interview.

In addition to information gathered from BDO, our group discovered a checklist

designed for restaurants to evaluate the existence and effectiveness of their internal controls.10

We used the “items” on the checklist to formulate questions to ask D. After our interview, we

completed the checklist by checking “yes” or “no” for each of the items and making any

applicable comments. The completed checklist is included as Appendix 1. With our research

complete, we had formulated effective questions and were prepared to interview D about the

processes and internal controls in use at Achilles.

8
El Biri
9
El Biri
10
restaurantowner.com

5
Interview

Our interview with D took place at Achilles on May 16th at 9pm, just after the

restaurant closed for the evening. With our list of prepared questions, we interviewed D

regarding his business. D explained that either he or his partner Elias usually comes in early

around 8:00 am and opens the restaurant at 11:00 am Tuesday through Sunday. One of them

comes in at 8:00 am because they need someone to sign off on the meats and vegetables that

are delivered. They cross check their order with what has physically been delivered. If anything

is missing or damaged, their vendor, a startup called Cheetah, will give them credit for their

next order. At noon, the co-owner who has the morning off comes in and runs the restaurant

until it closes at 9:00 pm. On rare occasion, the restaurant’s supervisor will close the store

instead. Whoever is in charge at this time has the responsibility of reconciling cash in the

register with what appears in the daily sales report.

D and Elias employ 8 people at Achilles: a supervisor, team lead, and at least one line

server are present during business hours. Currently, Achilles cannot afford to hire a manager or

assistant manager. While D is close with his employees and has not had problems with them

stealing in the past, he did not conduct any background checks upon hiring, and employees

found the job listing from D’s post on Craigslist. Employees are paid hourly wages plus cash tips,

and D informed us that his employees have sick days but are not awarded vacation time.

Finally, D admitted to us that he has no formal code of conduct that he makes employees sign

and agree to upon being hired.

Achilles currently uses Homebase Software to clock in and out every day. All employees

must clock in to the system before working. If an employee tries to clock in before he or she is

6
scheduled to work, the system prevents them from doing so and alerts D via text. Only D and

Elias have access to Homebase and Square, their point of service (POS) software. If a customer

were to walk in the restaurant, he would notice that there is a co-owner always behind the

counter managing the cash register and POS. After the customer has gone through the cafeteria

setup, much like Chipotle is designed, he will pay either with cash or credit card. D and Elias are

the only ones to manage these transactions. Only in special situations will the team supervisor

step up as cashier. D made it very clear that he, Elias, and the supervisor are the only team

members who know the login information to access the cash register.

What Achilles does well

As a small business, it is extremely important to create an atmosphere where people

enjoy coming to work, and Achilles has done a great job of that. D says that his employees “feel

like family,” which instills the belief in everybody to do what is best for the business. However,

according to the ACFE, one of two reasons small businesses have a higher risk of fraud is

“misplaced or assumed trust.”11 With this in mind, it is a very good control for Achilles to have

five security cameras behind the counter, watching the cash register as well as employee

activity. Employees are much less likely to steal from the company when they know they are

being watched. According to Supreme Security Systems, “the presence of cameras

automatically deters criminal activity amongst employees because of the threat of being

caught. When cameras are present, one begins to think about the consequences of his or her

actions more.”12 The cameras act as a deterrent to any theft an employee may have thought

11
Signature Analytics
12
Supreme Security Systems

7
about commiting, and with D or Elias almost always at the restaurant, it provides them with a

second source of eyes should anything go wrong.

A second thing Achilles does well is the controls when it comes to cash. In order to open

the cash register, after registering a sale the employee must push a button which is tracked via

an online system. This system tracks every time the cash register drawer is open, and also

prevents the drawer from being opened unless there is a key or a registered sale. At the end of

almost every day, D or Elias reconciles the number of times the register is opened with the

number of sales as well as the total cash amount. This is a very good control since any sort of

cash theft will be noticed during the reconciliation process; and since D and Elias are the

owners, they are the people that should be doing this job, which is the case. They are the only

two people who have access to the cash drawer, and at the end of every night they make sure

no cash is left. Because “one of the most common causes of shrinkage or loss in your store is

through the mishandling of cash,”13 this is an extremely important control to maintain. The

control of emptying the register at the end of the night has already saved them money: a

couple months ago, somebody broke the front window in the middle of the night only to find

out the register was empty. This could have been a big loss, but because of the controls

surrounding cash, they were able to minimize their losses to the cost of a broken window.

To go along with their good cash controls, Achilles uses a very reliable and trusted POS

system in Square, “an easy-to-use credit card processing system and the most feature-rich free

Point of Sale (POS) system on the market today.”14 By using Square, Achilles can accurately

predict their expenses when it comes to credit card transactions because they use a flat rate

13
Hudson, Matthew
14
Sallows, Mark

8
per transaction. Without monthly subscription fees, it is the best low cost system on the market

that is trusted by all users.

Another area that is vulnerable in many companies is the use of a corporate credit card.

Employees can abuse their privilege and begin to charge personal expenses to the card.

However, the only two people at Achilles who possess the corporate cards are D and Elias, the

only two people who should have the card for the time being. Similarly, they are the only ones

with the ability to make purchases. Achilles uses a vendor called Cheetah for all their food

purchases.

Cheetah is an application downloaded onto any smartphone where restaurants can

place an order by midnight, and get it delivered the next day.15 Using this vendor has proved

very successful for Achilles, as it not only saves them money and time, but reduces risk when

they order inventory as D and Elias are the only two people who can purchase through the app.

They are also the only two people who receive inventory, and after receipt they look through to

ensure everything ordered is there. In the rare instances an order has not been correct,

Cheetah has proved very easy to work with and credited their account. By having one reliable

vendor, Achilles has eliminated a large risk that can come with purchasing inventory; but should

something happen and they can no longer order from Cheetah, they know several other

vendors than can supply their needs, virtually negating any risk that comes from using one

vendor.

Achilles also handles their payroll in a very effective manner. They use Homebase, an

employee scheduling software that greatly reduces the risk of any sort of payroll fraud. The

15
Cheetah

9
employees, besides logging in and out, have zero access to the system, which sends the hours

to the outside accountant, who prepares and sends the checks. By having a system where the

employees have no access, it reduces all risk of employees changing the books.

Besides the restaurant, Achilles also provides catering services. To ensure they collect

payment from their catering business, the client must pay 24 hours in advance. This mitigates

all risk surrounding the collection of payment from the customer.

For a new small business, Achilles has very strong internal controls. If you refer to

Appendix 1, you can see they meet the majority of controls recommended for restaurants. It is

obvious D and Elias care deeply about their restaurant as well as their employees, and they

have found a way to create an atmosphere of trust and family while maintaining sound

business practices.

Potential Problems

Elias and D’s effort and care have allowed Achilles to become an incredibly successful

restaurant. Although we were very impressed by Achilles’ current procedures, we still found

some areas for improvement. As a group, we discussed several problems that may exist based

on our research and class teachings. We categorized these problems into five main topics:

hiring, employment, bookkeeping, management power, and plans for growth.

One of the first questions we asked during the interview had to do with Achilles’ hiring

process. As we mentioned earlier, Achilles only has eight employees, so making sure these

employees are well-qualified and have a strong work ethic remains vital for the continuing

success of the restaurant. D revealed that he finds most of his employees through Craigslist or

10
putting fliers up on his restaurant windows. In many cases, this leads to few or no candidates,

which shows that this might not be the most effective way to find potential applicants.

The other problem we noticed with the hiring process related to background checks.

According to the ACFE’s 2018 ​Report to the Nations,​ one out of every ten fraudsters could have

been revealed solely by performing background checks.16 Based on what we learned from

various case studies of fraud, fraudsters often have a history of fraud or other negative work

experiences that indicate they are a bad choice for the position. D stated that he does not

perform background checks on potential employees due to cost. D is not alone. Only around

52% of companies perform background checks, but those background checks could potentially

prevent companies from experiencing fraud and dealing with the approximate median fraud

loss of $350,000.17

Nevertheless, Achilles’ current employees still play a huge role in the company and

seem to be trusted by both Elias and D. However, for preventive measures, we believe that

addressing some of the missing areas within the company may be helpful. Financial/accounting

item number three in Appendix 1 shows the importance of the owners handing out the

paychecks to employees. D stated that he sometimes sends employees checks by mail and has

not set up direct deposits for any of his employees. Sending the employees checks by mail

makes it easier for the information contained on the checks to be seen, such as signatures,

addresses, and the bank account number, and creates the possibility of the checks getting

intercepted during the mailing process.

16
Gaul, Michael
17
Gaul, Michael

11
 We also learned that Achilles does not have a code of conduct for their employees. A

code of conduct helps an employee understand the values and mission of the organization and

acts as “a central guide and reference for employees.”18 A company’s code of conduct allows

employees to know what is expected of them and mitigates risk for the company since it shows

the company did their best to reduce financial risks and ethical misconduct.19

Another potential problem for Achilles has to do with the segregation of duties for the

bookkeeper. The bookkeeper’s job consists of signing checks, distributing payments, and

reconciling the bank statements. The bookkeeper currently has the power and ability to

authorize and handle checks, with minimal supervision. These tasks that the bookkeeper must

perform do not allow for the proper segregation of duties. There are three activities that must

be done by separate people in order to allow for proper segregation of duties: authorization of

transaction, recordkeeping, and custody of assets. When executed correctly, these activities are

done by different people in order to prevent anyone from having too much control in an

operation. In addition, the bookkeeper is in charge of the bank reconciliation, which normally

acts as a control. Bank reconciliations allow for a comparison of the bank’s records to the

company’s financial records in order to detect theft or accounting errors. Giving the

bookkeeper, who already is in charge of the authorization and custody of checks, the ability to

also check their work and compare the records to the bank statements prevents the internal

control of bank reconciliations from being effective. We realize that Achilles is a small company,

but the bookkeeper is taking on three activities, custody, authorization, and bank

reconciliations, that are usually meant to be separate duties.

18
Ethics & Compliance Initiative
19
Ethics & Compliance Initiative

12
 Along with the bookkeeper, the co-owners themselves, Elias and D, also seem to have a

lot of responsibilities when it comes to running Achilles. Among other things, Elias and D are in

charge of controlling the cash register, reconciling the cash, monitoring the surveillance videos,

and are two of the three people that can open and close the store. The checklist from Appendix

1 shows that many of the non-existent internal controls such as surprise cash counts and

mystery shoppers are due to the fact that Elias and D are responsible for the cash and the cash

register. Although this is usually a good thing that Elias and D are taking responsibility for the

company’s revenue and handling cash themselves, it can also pose problems. Since both Elias

and D have such a high position in the company and the entire workforce has a strong

relationship and sense of trust, Elias and D’s work regarding cash and the cash reconciliation

are less likely to be checked for accounting errors. We believe a potential problem with Elias

and D’s control over cash could be the existence of material misstatements due to accounting

error and nobody, including Elias and D, checking the other co-owners’ work.

Furthermore, due to the important responsibilities of both Elias and D, the following

was a question that needed to be asked: What happens if both of the co-owners are sick or are

unable to go to work? In response to this question D said, “When you open your business you

don’t think about this.” Since D and Elias are in charge of vital everyday procedures like

operating the cash register and controlling the financial aspects of the closing of the store, it

has become absolutely necessary for one of them to be at the restaurant for most of the time

that Achilles remains open. The worry is that, should something happen that prevents both

Elias and D from going to work, do they have a plan? And who will access and work at the cash

register in their absence?

13
 This idea of Elias and D having too much responsibilities becomes especially important

should they choose to expand Achilles. The expansion of the company would only heighten

some of the problems already mentioned. Having no managers is not an area of concern for

Achilles due to the size of the company and the small number of workers. This might change

since Elias and D would most likely need help with managing all of the employees and the larger

scale of operations. Elias and D would have an even more difficult time handling all of their

responsibilities since expanding the company alone would take up a lot of their time and effort.

They would have to consider how to maintain the bigger company and new internal controls to

implement. All of this being said, expanding Achilles might be a good idea due to the current

success of the company, but the uncertainty of what must be done for the expansion causes a

lot of potential problems to arise.

Suggestions

As mentioned in the previous section, background checks are a great deterrent for

preventing potential fraud from the time an employee is hired. Achilles does not do this for

their employees. D brought up the same reason most small businesses avoid background

checks altogether: they are too costly. While some may argue that background checks can be

done for free, on the company’s own accord, they may not “comply with regulations”20 and can

get a business into trouble. Inc., a small business magazine, does an annual review of

companies that provide the best background check services at the most affordable cost. In

20
​Kolditz, Kaylee

14
2018, Goodhire got the magazine’s seal of approval as the best background service for a small

business. Inc. wrote the following:

GoodHire gets our vote for Best Background Check Service for Small Business 2018. Accredited by BBB with an A+
rating, FCRA compliant and NAPBS accredited, GoodHire offers three packages as well as add-on report options; all
of which fall within the price ranges of competitors. Their website is easy to navigate and understand. This is
particularly helpful to those who are new to background screenings.

GoodHire’s simplest package, which confirms an employee’s SSN and searches for his or her

name on a criminal and sex offender database, is $29/check. While this may seem like a lot, it is

relatively inexpensive when compared to other companies offering similar services. Even if the

background check is not used for employees who will work in the kitchen or on the service line,

it will become a necessity when the company expands. D and Elias eventually need to hire a

manager once another one of their restaurants opens up. When the time comes, they will have

to hire someone who can pass more than just an eye test, considering the responsibilities and

assets that will have to be managed.

While check fraud seems like a thing of the past, it still poses as a potential issue in any

environment where they are still used. There are a few ways to mitigate this threat. Firstly,

Achilles can set up direct deposit as a method of employee compensation. By doing this, money

from Achilles goes straight into an employee account. If used, Achilles will also want to

encourage their current employees to switch over from their check payment method.21 An easy

way to incentivize this is by reminding workers that doing so puts money in their account a few

days earlier than check. At the end of the day, there is only one reason needed to justify direct

deposit as a payment method: checks can be manipulated and forged much more easily than an

electronic cash transfer. In the meantime, while the restaurant still distributes physical checks,

21
​“7 Steps”

15
it is important that Achilles sets up a positive payment match system with their bank.

Essentially, this tool provides their bank with a list of people who are authorized to receive

payment from Achilles. If a check is given to the company and the recipient’s name and account

information do not match, then D, Elias, and the bookkeeper are all notified and the check is

bounced. Finally, all checks should be distributed in person rather than through the mail. The

main point of this is to cut out the middleman -- to ensure D and Elias that no one else has

access to the check but their employee. On top of that, D mentioned how the bookkeeper is the

one who writes the checks. Instead of dropping them off, she mails them to Achilles. Again, a

simple way to mitigate the risk of a fraudster manipulating a check through the mail is by

having D or Elias pick them up from the bookkeeper.

Segregation of duties is a popular term when discussing fraud, and should be

implemented at all stages of the company. While every Fortune 500 company is conscious of

duty segregation and its implication, it is often an afterthought among small businesses. This is

the biggest area that Achilles can improve upon, specifically with the amount of trust and

power they place in their bookkeeper. Charles Hall, a CPA and certified fraud examiner for over

30 years writes, “If your bookkeeper prints your checks, then she can write checks to herself,

can she not?” Even a business owner, who “may be thinking, ‘but I’m the only authorized check

signer,’” cannot stop their bookkeeper from forging a signature22. This becomes a problem too

if “she alone reconciles the bank statement” because “she may be the only person that sees

cleared checks.” Thankfully there is a simple, preventative measure that Achilles can implement

this month if it wanted to. Instead of having the monthly bank statement sent directly to the

22
Hall, Charles

16
bookkeeper, D should request that it be sent to the restaurant or his home. It may seem

tedious, but, by doing this only once a month, D can confirm that there are no hidden checks

being sent off to an unknown account. After he has confirmed the statement, he can then bring

it to the bookkeeper.

Finally, D and Elias should consider having their employees sign a code of conduct. A

strong code of conduct shows what a company and its owners believe in. Having employees

sign it conveys not only that the company leaders believe in it, but they are also serious about

it. A small business whose owners and managers place heavy emphasis on their code of

conduct will most likely get their employees to follow suit. Not only that, but having certain

fireable actions in writing could prevent a potential lawsuit down the line from a former,

disgruntled employee.

17
 Appendix
1- Restaurant Internal Controls Checklist

18
 Works Cited

“Achilles Restaurant.” ​ACHILLES Restaurant​, 2019, ​www.achillesrestaurant.com/about-us​.

Cheetah. 2019, ​https://www.gocheetah.com/
El Biri, Giselle. “Internal Controls for Restaurants.” ​BDO​, BDO, 10 Sept. 2015,
www.bdo.com/blogs/restaurants/september-2015/internal-controls-for-restaurants​.
Ethics & Compliance Initiative. “Why Have a Code of Conduct - Free Ethics & Compliance
Toolkit.” ​Ethics & Compliance Initiative​,
www.ethics.org/resources/free-toolkit/code-of-conduct/​.
Gaul, Michael. “Do Background Checks Actually Stop Fraud?” ​Proforma Screening Solutions,​ 16
July 2018,
www.proformascreening.com/blog/2018/07/17/background-checks-stop-fraud/​.
Hall, Charles. “The Dangers of a Trusted Bookkeeper.” CPA Hall Talk, 30 May 2018,
cpahalltalk.com/danger-trusted-bookkeeper/
Hudon, Matthew, “Balancing the Cash Drawer,” ​Small Businesses, 21 J​ an, 2019,
https://www.thebalancesmb.com/balancing-a-cash-register-2890536
Leary, Brenae. “Yelp's Top 100 Places to Eat in the U.S. 2019.” ​Yelp​, 8 Jan. 2019,
https://blog.yelp.com/2019/01/yelps-top-100-places-to-eat-in-the-u-s-2019​.
“Restaurant Internal Control Checklist.” ​Restaurant Business Plans, Systems, Checklists &
Training, POS, Startup Tools & Resources,​ 5 Mar. 2009,
www.restaurantowner.com/public/DOWNLOAD-Restaurant-Internal-Control-Checklist.c
fm​.
Sallows, Mark, “What is Square? Why Small Businesses Love It.” ​Fit Small Business,​ 22 April,
2017, ​https://fitsmallbusiness.com/what-is-square/
Signature Analytics, “Employee fraud is more common in small businesses – Are you
protected?” 2019,
https://signatureanalytics.com/employee-fraud-common-small-businesses-protected/
Supreme Security Systems, “5 Ways Security Cameras Prevent & Stop Employee Theft”, 2018,
https://supremealarm.com/5-ways-security-cameras-prevent-stop-employee-theft/
Kolditz, Kaylee. “Best Background Check Service for Small Business - 2019.” Inc.com, Inc., 22
Aug. 2018,
www.inc.com/operations/best-background-check-service-for-small-business.html.
“7 Steps to Preventing Payroll Fraud.” NFIB, 22 Jan. 2018,
www.nfib.com/content/resources/alabama/7-steps-to-preventing-payroll-fraud-57312/
.

19
20