Checklist of Internal Controls

doren.com

The typical organization loses an estimated 5 percent of annual revenue to fraudsters, according to a recent report prepared by the Association of Certified Fraud Examiners (ACFE). Occupational fraud can be broken down into three categories:

• Asset Misappropriation
• Corruption
• Financial Statement Fraud

To combat such activity, here is a checklist of the most common controls applied by small to medium-sized businesses:

Physical Assets

• Use physical security protection measures such as locks on premises, the use of security cameras and retaining a security service
• Keep smaller valuables in a safe
• Lock small but valuable items to desks
• Provide access codes to employees on a need-to-know basis
• Maintain an asset register with all relevant details of each asset  Perform a regular asset-register audit
• Take out appropriate insurance coverage
• Review insurance coverage details regularly

IT Systems & Data Security

• Use passwords to limit access to business records
• Change computer passwords regularly
• Install firewalls, anti-virus software and other protective devices on computers
• Develop written policy guidelines on personal use of IT equipment

Financial Data Integrity

• Use sequentially numbered business forms (checks, orders, invoices, etc.) to provide an audit trail
• Perform reconciliation of accounts regularly
• Develop automated controls such as valid date ranges or dollar-value limits
• Implement budget and cash-flow projection reports and a regular comparison of budgeted against actual figures and investigate any significant discrepancies
• Segregate the duties involved in financial transactions such as ordering, recording and paying for purchases
• Institute supervisor-level review of financial records
• Build in validation checks to processes, for instance, checking invoice totals against the individual items on the invoice to ensure accuracy
• Carry out exception routines such as spot checks or reviews
• Develop a hierarchy of spending-level approval authority
• Rotate duties involved in financial transactions and recording, i.e., petty cash and receipting
• Keep sufficient financial record details to provide useful management information, i.e., double entry bookkeeping
• Keep books and records up to date and balanced
• Ensure employees with financial functions take their annual vacations
• Develop a records-retention schedule

Separation of Duties

• Small and medium-sized business or those experiencing a reduction in staff may feel they don’t have the resources to achieve the separation of duties necessary to help prevent internal theft, but procedures can be developed to help companies of any size protect themselves.

Competent & Ethical Employees

• Develop a competency-based hiring policy
• Before you hire a new employee, perform a background check and require references
• Ensure new employees are adequately trained in routines and procedures
• Provide adequate employee supervision
• Implement a performance management system
• Provide clear job description and role responsibility documentation for employees
• Develop lines of communication with employees, i.e., suggestion boxes, team meetings, etc.
• Bond employees who deal with sensitive information
• Provide employees with a copy of the internal control system policy, explaining its value to the business and the consequences of non-compliance
• Institute a confidentiality guaranteed employee feedback mechanism

Fraud Facts

The ACFE’s most recent survey revealed:

• Only 7% of those who commit fraud were previously convicted of such an offense
• Behavioral red flags include an employee living beyond his or her means (43% of victims surveyed) or experiencing financial difficulties (36%)
• More than 80% of frauds occur in one of six departments: accounting, operations, sales, executive management, customer service, purchasing
• Executive-level frauds often take longer to detect

Payroll

• Maintain security over payroll system passwords and change them regularly
• Review bank account deposits to ensure that each pay goes to a different bank account
• Separate payroll preparation, disbursement and distribution duties
• Check payroll-budgeted figure against payroll-actual figure and investigate variations
• Maintain accurate employee attendance records
• Reconcile salespersons’ commission records with their records of sales
• Maintain complete and accurate payroll records for holiday and sick-leave entitlements and leave used
• Use direct bank deposits for pays
• Ensure that more than one person can process the payroll
• Separate the duties of personnel records management and payroll
• Develop and document a policy on allowable payroll deductions and who can authorize them
• Maintain security over attendance-recording systems
• Periodically review the payroll register against actual employees

Sales

• Develop and document a pricing and discounting policy, including authorization to vary rules
• Check sales figures against their individual source, such as invoices
• If salespeople work on commission, ensure that their sales figures are valid
• Don’t pay commissions to salespeople until monies are received
• Reconcile sales register records with cash takings and credit card receipts
• Dispatch goods COD or with a copy of the invoice
• Require evidence of delivery
• Record orders on pre-numbered forms
• Compare sales invoices to shipping documents before dispatching
• Record sales invoices promptly
• Have customer complaints handled independently of the sales department

Accounts Receivable

• Develop and document a credit approval/balance limit policy; include information on who must authorize new applications
• Conduct credit checks on new credit customers
• Review credit balances on a regular basis
• Develop an aged accounts procedure that includes regular reporting and follow-up
• Prepare trial balance of individual accounts receivable regularly
• Reconcile trial balances with general ledger control accounts
• Use numerical or batch processing controls over billing
• Record credit purchases as soon as the transaction occurs
• Keep the duties involved in accounts receivable separate from cash receipting
• Ensure mailing of accounts cannot be tampered with and separate mailing duties from statement preparation duties
• Cross check early payment discounts and penalties on overdue accounts
• Have transactions such as non-cash credits and write-off of bad debts cross checked

Accounts Payable

• Develop and document a purchasing and accounts payable procedure, including authorization levels and any price comparison requirements prior to purchase
• Pay on original invoices only to avoid duplicate payment
• Mark paid invoices to prevent resubmission or double payment
• Set payment amount authorization permissions
• Separate the duties of supplier refund checks due from invoicing
• Check invoices from suspect sources e.g. businesses with only a post office box address
• Separate the duties of approving new suppliers from responsibility for payment of invoices
• Check the record of supplier billing each month and investigate any suspicious activity, i.e., increasing purchases from one vendor
• Carry out random checks of the invoices of individual suppliers
• Investigate invoices for poorly defined services, e.g. “listing the business in a directory”
• Develop a process that brings together the purchasing order and receiving reports, along with the check for payment, for review before signature
• Develop a procedure that ensures direct shipments to customers are properly billed to them.

Receipt of Goods

• qInspect goods for condition at time of receipt
• Check goods against order before approving payment
• Use pre-numbered receiving dockets
• Promptly pass invoices to accounts payable for payment
• Document a procedure for dealing with partial receipt and claims for damaged goods

Handling Cash & Checks

• Keep checkbooks in secure storage
• Use pre-numbered checks
• Endorse checks “for deposit only”
• Enter check details in a way to prevent easy alteration
• Maintain a check register and review checks against it regularly, but at varying (unpredictable) intervals
• Mutilate voided checks before disposing of them
• Use a cash register to keep a record of cash sales
• Balance cash daily or more regularly according to the amount of cash handled
• Balance cash at the end of each shift where another employee is taking over transactions
• Post cash receipts to appropriate journals promptly
• Deposit cash receipts regularly to minimize the amount on hand
• Reconcile bank accounts monthly and give check-related duties to separate employees, i.e., reconciliation, check authorization, mail opening, writing deposit slips, banking
• Separate duties for cash disbursement and purchases from the approval process
• Conduct audits on a varying (unpredictable) schedule and do not warn employees of the date
• Impose a limit on the amount of petty cash held and the money value limit of petty cash purchases
• Require that petty cash reimbursement requests be for pre-approved purchases only and supported by approved types of documentation
• Keep petty cash in a secure repository
• Require a second signatory for petty cash disbursement
• Periodically have petty cash audited by a person separate from the person who pays it out

The controls covered here apply to the processes most businesses have in common – protecting physical assets, handling cash, etc. Naturally, each business will also have its own industry-specific processes and regulations that it needs to comply with, and each of these will need controls to address those areas as well.

Doeren Mayhew can help develop and implement controls for your business, or perform an audit of your existing controls to identify areas of risk.

Source: RAN ONE