by Donna Roundy, CPA , published on 11/08/2011 in

Business West

It is good business practice to periodically review and revise control activities. Internal control is the process designed to ensure reliable financial reporting, effective and efficient operations, and compliance with applicable laws and regulations. Safeguarding assets against theft and unauthorized use, acquisition, or disposal is also part of internal control.

Monitoring your company’s assets can improve year-end bonuses to deserving employees and the owners. It safeguards funds to invest in company equipment or pay down debt, and ensures the accuracy of financial reporting to the bank.

Ultimately, the responsibility for internal control rests with the management and owners of an organization; monitoring the controls can be an ongoing exercise as staffing levels fluctuate and responsibilities change. If controls are not monitored, you risk using line-of-credit funds to offset misallocated cash or replace stolen inventory.

The news has brought us many stories of fraud over the past few years. There are three requirements for fraud — incentive or pressure, opportunity, and attitude or rationalization. Greed is not the only driving force; unfortunately, this economy brings many pressures, and an individual faced with a desperate situation can consider actions very unlike their character.

To reduce the risk of fraud, you need to break the triangle. Create an ethical environment, reduce opportunities, and monitor pressures on employees (without invading their privacy). Be alert if a staff person is experiencing financial difficulties. Prevention and detection techniques include performance reviews (for example, comparing current financial reports to other information, perhaps reported sales to merchandise shipments), independent checks (an employee’s work is re-performed or tested by a supervisor or the computer), and rotating employee responsibilities.

In speaking of internal controls, you’ll hear the phrase ‘tone at the top.’ Company leaders can let their employees know they value honesty and encourage whistle-blowing. Violators should be prosecuted.

In monitoring controls, consider first which assets are most vulnerable to theft or fraud. In most cases this is cash, although you could also have inventory that is easy to take and sell outside the company. As you review organizational control procedures and contemplate risk, consider implementing the following:

• An owner should avoid relying solely on one trusted individual, even if that person maintaining the ledgers is family or like family. Don’t let personal relationships blur your perspective.

• Know your company’s procedures. If they aren’t already, consider putting them in writing. Written procedures avoid misinterpretation. Start by asking each person to write down what it is they do. Review with an eye as to how and where in the process things can go wrong.

• Require employees to take one- or two-week vacations. This includes cross-training employees so that someone else does the job during the vacation.

• The business owner should receive the bank statement unopened, possibly sent to his home address. He should review the bank statement for reasonableness; note signatures on the imaged cancelled checks, the payees, and the amount; and check that transfers and other charges are appropriate.

• Once the bookkeeper has prepared the monthly bank reconciliation, the owner should review the reconciliation to question unusual reconciling items.

• Someone other than the bookkeeper should open the mail. A third office person can make a dated listing of the incoming checks that can later be compared to the related validated deposit ticket.

• Someone other than the person posting the payments to the customer ledger should inquire of customers regarding old accounts receivable. Periodically evaluate customer credit limits to their outstanding balances. Perhaps customers with old balances haven’t had their accounts suspended. Only the owner should approve customer write-offs, never the individual collecting the cash.

• Ideally the bookkeeper should never have check-signing authority or access to a signature stamp. The owner should sign all checks after reviewing attached invoices.

• Payroll registers should be reviewed for correct number of hours, proper pay rates, that withholdings are subjected and not shown as a negative (an add-back), and that all names are known employees. A separate individual could track paid time off to be sure the amount taken is in agreement with pre-approved days or hours.

• Review general journal entries for unusual items, and randomly review backup documentation. Journal entries should be approved by someone with authority over those who create and post the entry.

• All equipment should be marked for ownership.

• Inventories should be adequately safeguarded; it is often more difficult to prevent and detect inventory fraud than other asset thefts. This is due to the large quantity of items in the inventory, the number of employees with access to inventory (possibly due to complicated processes involved in production), and the many entries and possibly complex systems used to account for the inventory and production process. Inventory that is small, portable, high in value, or in high demand is more susceptible to theft.

Theft of inventory can include the following: stealing inventory and scrap for personal use or resale; scrapping good merchandise and, with collusion, selling it to customers or distributors; returned product being recorded as sales returns but never restocked and instead sold by the perpetrator; or concealing other fraud by increasing the inventory accounts, as when a perpetrator writes a check to himself and records the debit to inventory.

Preventive or detective controls for inventory include securing the perimeter of the building, separating the duties of purchasing and warehousing from approving inventory purchases and disbursements; and periodically analyzing the components of costs of sales (material, labor, and overhead) as a percentage of sales. Inventory should be periodically counted, costed, and compared to control accounts and/or perpetual records.

Business owners and managers can ask their office staff for internal control information in addition to regular monthly financials. Depending on what your business is, you could request product sales statistics, reports on inventory shrinkage, old inventory information, sales returns reports, and edit reports that compare like-items from different areas of the business.

In summary, know your company’s procedures — who, what, when, which document, and where can things go wrong. Implement cross-checks, and review procedures periodically. Are they being performed as designed, or do the procedures need to be modified to address a change in staff or business activities?

Your CPA can help if you have a question. Effective controls start and stop with management and the business owner. This doesn’t mean that you, individually, have to perform every check and balance. Set the tone, and let your employees and vendors know you adhere to good business standards. It also means making sure the controls are happening as designed, with periodic inquiries to staff and viewing their logs. Call your accountant to schedule their visit to your business to receive details on these and other steps that can help secure your business assets. This could reveal critical controls that have been overlooked. 

Donna Roundy, CPA, serves as the senior audit manager in charge of the not-for-profit practice at Meyers Brothers Kalicka, P.C. in Holyoke. She is also the firm’s technical advisor on uniform financial reporting and compliance. Her primary focus is auditing and includes servicing not-for-profit and real-estate organizations with subsidized housing, as well as financial-statement preparation for closely held businesses; (413) 536-8510.