Lack of Internal Controls Creates the Greatest Opportunity for Loss

The median loss due to fraud of businesses with fewer than 100 employees is $200,000 according to a recent report released by the Association of Certified Fraud Examiners (ACFE). Lack of internal controls accounted for 42% of fraud at small businesses.

Frauds that happened most frequently at small businesses, according to the ACFE report, included check and payment tampering, skimming, and payroll. Many small business owners believe their business is immune to fraud – but they are clearly wrong. The two key reasons small businesses have increased risk for fraud are a lack of basic accounting controls and misplaced or assumed trust.

With that in mind, here are some fundamental steps you can use to control your environment and reduce the risk of fraud.

Internal Controls

When someone mentions internal controls, most of us relate it only to fraud prevention. However, the control environment of a company can accomplish far more than that.   A strong, healthy framework of internal controls can provide benefits such as:

• Improving reliability of financial statements
• Promoting efficiency
• Enabling quick reaction to a dynamic competitive environment
• Aligning the company towards achieving its profitability goals
• Keeping the company on track to accomplish its mission

Here are some controls that can be useful for companies of many sizes and industries:

1. Physical Control – Manual and/or systematic controls should be implemented to safeguard both physical assets, such as fixed assets or cash, and intangible/electronic assets, such as bank account numbers or patents.

2. Proper Authorization/Approval – Preferably, systematic controls (e.g. usernames/passwords) should be set up within a company’s software to limit the access of employees to only those areas within the system for which they are responsible. Alternatively, a physical control in which employees are required to sign off on their work could suffice if the former option is not viable.

3. Segregation of Duties – If possible, custody, authorization, recordkeeping, reconciliation, and review functions should be given to different people.  If this proves unfeasible, increased review by an independent employee can help to compensate for a lack of segregated duties (see below).

4. Independent Review – Subsequent to the posting of journal entries, completion of reconciliations, remittance and reception of payments, etc., an employee (preferably a manager/supervisor) should review the related documentation.

Here are some examples of how internal controls can be put in place:

Controls Over Receipts

1. Have two people open the mail, stamp checks for deposit only, and create a list of receipts to be reconciled to deposit slips after deposited.

2. Limit the access to company bank account info/access to only those employees who need such to do their job.

3. Set up usernames and passwords to ensure employees cannot access areas of a company’s software which they are not authorized to access/make changes.

4. Require a sign off on documents after a task has been completed (e.g. creating a list and totaling cash receipts).

5. Different employees should have the ability to add customers, open mail and create list of receipts, make deposits, post journal entries, reconcile GL accounts, and review transactions.

6. Designate an employee (preferably who does not perform other tasks in the process) to review accounts receivable, bank reconciliations, and reconcile deposit slips to receipts list.

Controls Over Disbursements

1.Keep checkbooks locked away and/or systematically limit ability of staff to generate checks, ACHs, wire transfers, etc. to those who handle this part of the process.

2. Create systematic controls that limit employees to their appropriate purchasing level.  Designate only one or two individuals to sign checks.

3. Separate the functions of controlling approved vendor file, initiating purchases, shipping goods, generating checks, and making payments.

4. Designate an employee to review purchase orders, invoices, receiving documentation, etc. before a purchase is paid.

These standard internal controls can be applied to most companies; however, due to varying company sizes and industries, an effective control environment should be tailored specifically for each company.

Price CPAs is prepared to support your efforts to reduce the risk of fraud in your company – and in a variety of other ways. You can explore the variety of services we provide by visiting our website (www.pricecpas.com) or call us at 615-385-0686 to discuss how our services can be of value to you today.

Daniel Widick
Audit Manager