Protect Your Company Through Internal Controls
The most important tool in the effort to improve efficiency, prevent fraud, and protect company reputation is an appropriately structured accounting department that is consistently applying strong internal controls. The accounting department is responsible for not only managing the company’s general finances, but also for paying any outgoing bills, including payroll and essential costs. They also control company assets, including inventory, and ensure the reliability of any external financial reports.
In particular, a system of internal control, also known as operational control, is imperative to the prevention of fraud and assurance of corporate financial security. Through such a system, your company may implement a number of safeguards against theft, fraud, or error, as well as detect any cases that may arise. Such a system is also ultimately a key component in the development of an efficient, successful accounting department.
What are Internal Controls?
Internal control is a process of checks and balances and is a feature of the company’s structure, flows of communication, and task allocation, which ultimately serves to help the organization accomplish specific goals and objectives, namely increased efficiency and the prevention of fraud or error in the management of company finances. Internal control was a major element of the Foreign Corrupt Practices Act (FCPA) of 1977 and the Sarbanes-Oxley Act of 2002, both of which required significant improvements in the level of internal control found in U.S. public corporations.
Through internal control structures, the organization will monitor the flow of resources and manage the allocation of accounting procedures so as to best protect the company’s resources. This generally consists of a number of important processes. Among these are risk assessment, information and communication monitoring, and control of environmental factors. However, the most notable component is typically the segregation of duties within the accounting department, which ensures that no one employee is completely responsible for the management of company assets.
An effective, internal control system can provide assurances in regards to the reliability of financial reporting. Such a structure can also help ensure the overall effectiveness and efficiency of company operations, as well as general compliance with applicable rules, laws, and regulations.
Preventive Controls and Detective Controls
An internal control system typically consists of a network of both preventive and detective controls. Both components are equally important and, together, they help ensure quality and the prevention of loss or fraud.
Preventive controls, as the name would suggest, operate in a proactive capacity to deter or prevent undesirable activities. Such controls might include the segregation of accounting duties, regulations requiring proper authorization or documentation, and physical control over company assets.
On the other hand, detective controls act as enforcement, to identify existing undesirable activities. Such controls exist primarily to prove if such an event has taken place, as well as simply to test whether the preventive controls are being effective. Detective controls generally include reviews, analyses, audits, and other investigative procedures. Also considered a detective control would be any kind of physical inventory of company assets. Through such procedures, it is possible to ascertain if any mistakes or fraudulent activities have taken place; this not only identifies current issues, but also deters such undesirable acts through the threat of discovery.
Segregation of Duties
Perhaps the most important form of internal control is the appropriate segregation of duties within the accounting department. This means that all tasks dealing directly with the management of assets are distributed among a number of employees.
As a general rule, no one employee should ever be responsible for initiating, approving, and recording transactions. A number of employees should also be assigned to reconciliation of company balances, handling of assets, and reviews of reports. These tasks should be allocated to a minimum of two employees, though more is ideal.
Segregation of duties is absolutely critical to the effective implementation of internal controls by significantly reducing the risk of both fraudulent and erroneous activities. Such organization is an important deterrent to fraud; by allocating tasks among a number of employees, this plan ensures that any fraud would require collusion with a number of individuals, thereby significantly reducing the chances. In addition, segregation of duties makes it more likely that any mistakes or fraudulent actions would be discovered quickly and efficiently. Through such measures, companies can improve their reputation and the reliability of their financial reporting, as there is less chance of internal miscommunication or theft.
While larger organizations apply segregation of duties in a more routine manner, it is traditionally more challenging to apply the concept in smaller accounting departments. At the very minimum, executives and managers overseeing smaller departments should implement the following two internal controls.
One currently popular, preventive method of internal control is the positive pay service, whereby the company shares its check register directly with the bank. The bank then will double-check any checks it receives against this register and only pay those that are present on the company list, with the exact same specifications as mentioned by the company. Positive pay acts as an important means preventing check fraud by ensuring that no checks for company assets are cashed without written company approval.
Another notable means of internal control is the remote deposit system. Though controversial, remote deposit has been growing exponentially in popularity since it became legal through the 2004 passage of the Check Clearing for the 21st Century Act (also known as the Check 21 Act). Remote deposit allows a client to deposit a check into their bank account from a remote location, such as an office or home, usually by scanning a digital image of the check and then transmitting that image to the bank. Supporters of remote deposit claim that by reducing the amount of paperwork in process – as well as the number of people involved – fewer mistakes are made and there is less opportunity for fraud. It is also an important detective control, as any issues with the check will become apparent far more quickly.
Effective organization of the accounting department is crucial to the assurance of efficient, reliable financial systems. Certain procedures and organizational methodologies can be implemented to increase the level of internal control, thereby reducing the chances of error or theft:
§ When designing a system of internal controls, it is important to consider both preventive and detective activities. While preventive controls act proactively to reduce the likelihood of problems arising, detective controls exist to find any existing undesirable activities.
§ At present, two particularly popular internal control procedures are positive pay and remote deposit. While positive pay ensures that all company checks have written approval before they are cashed, remote deposit reduces the amount of paperwork involved in depositing a check which, in turn, lowers the chances of mistakes or fraud.
§ Segregation of duties is the most important means of effecting internal control. By allocating duties associated with the management of company assets among a number of employees, it is possible to both reduce the chances of employee fraud and increase the likelihood of identifying any issues.
Internal control is incredibly important for ensuring the safety of assets and the good reputation of the company. However, if you feel like you cannot effectively reorganize your accounting department yourself, or have concerns regarding the implementation of control procedures, it is typically wise to consult with an outside service provider like a CFO services firm. An expert in the field will be able to provide an objective analysis and implement control procedures quickly and successfully.
References and Further Reading
Understanding Internal Controls: A Reference Guide for Managing University Business Practices; University of California
Segregation of Duties; Nick Stone; Internal Auditor Magazine: The Institute of
Internal Auditors; April 2009
Control Checklist; University of Florida; August 2011
(Original 2011 link updated March 2018)
Introduces Consumer Remote Deposit Solution; Maria Bruno-Britz; Bank Systems
& Technology; July 24, 2008
Arthur F. Rothberg, Managing Director, CFO Edge, LLC