When someone mentions internal controls, most of us immediately think of fraud prevention. However, the control environment of a company (if effective) can accomplish far more than that. A strong, healthy framework of internal controls:
- Improves reliability of financial statements
- Promotes efficiency
- Enables a company to react quickly to a dynamic competitive environment
- Aligns a company towards achieving its profitability goals
- Keeps a company on track to accomplish its mission
Here are some descriptions of several valuable controls that are useful for companies of any size and are applicable in virtually any industry:
- Physical Control – Manual and/or systematic controls should be implemented to safeguard both physical assets, such as fixed assets or cash, and intangible/electronic assets, such as bank account numbers or patents.
- Proper Authorization/Approval – Preferably, systematic controls (e.g. usernames/passwords) should be set up within a company’s software to limit the access of employees to only those areas within the system they are responsible for. Alternatively, a physical control in which employees are required to sign off on their work could suffice if the former option is not viable.
- Segregation of Duties – If possible, custody, authorization, recordkeeping, reconciliation, and review functions should be given to different people. If this proves infeasible, increased review by an independent employee can help to compensate for a lack of segregated duties (see below.)
- Independent Review – Subsequent to the posting of journal entries, completion of reconciliations, remittance and reception of payments, etc., an employee (preferably a manager/supervisor) should review the related documentation.
To help make this even clearer, here are some examples that demonstrate application of internal controls in the interest of both efficiency and protection:
Controls Over Receipts
- Have two people open the mail, stamp checks for deposit only, and create a list of receipts to be reconciled to deposit slips after deposited.Limit the access to company bank account info/access to only those employees who need such to do their job.
- Set up usernames and passwords to ensure employees cannot access areas of a company’s software which they are not authorized to access/make changes.Require a sign off on documents after a task has been completed (e.g. creating a list and totaling cash receipts)
- Different employees should have the ability to add customers, open mail and create list of receipts, make deposits, post journal entries, reconcile GL accounts, and review transactions.
- Designate an employee (preferably who does not perform other tasks in the process) to review accounts receivable, bank reconciliations, and reconcile deposit slips to receipts list.
Controls Over Disbursements
- Keep checkbooks locked away and/or systematically limit ability of staff to generate checks, ACHs, wire transfers, etc. to those who handle this part of the process.
- Create systematic controls that limit employees to their appropriate purchasing level.Designate only one or two individuals to sign checks.
- Separate the functions of controlling approved vendor file, initiating purchases, shipping goods, generating checks, and making payments.
- Designate an employee to review purchase orders, invoices, receiving documentation, etc. before a purchase is paid for.
These basic internal controls can be applied to most companies; however, due to varying company sizes and industries, an effective control environment should be tailored specifically for each company. Please contact us to find out more about how to enhance your control environment or any other financial concern you have.