Internal controls are a system of policies and procedures organizations put in place to protect assets and improve operating efficiency. Effective internal controls are critical to accurate financial reporting. A solid system of controls can help prevent, detect, and correct financial misstatements due to errors and fraud.
Internal and external risk factors evolve over time. So, upon completion of the year-end financial statements, managers and internal auditors should reassess whether internal controls are up to snuff and brainstorm ways to solidify controls. Start your annual assessment with the following three basic controls:
1. Physical Restrictions
Employees should only have access to those assets necessary to perform their jobs. Locks and alarms are examples of ways to protect valuable tangible assets, including petty cash, inventory, and equipment. But intangible assets — such as customer lists, lease agreements, patents, and financial data — also should require protection with controls including passwords, access logs, and appropriate legal paperwork.
2. Account Reconciliation
Management should confirm and analyze account balances on a regular basis. To illustrate, strong organizations reconcile bank statements and count inventory on a regular basis. Waiting until year-end to complete these basic procedures is a potential red flag of weak oversight.
Interim financial reports, such as weekly operating scorecards and quarterly financial statements, also keep management informed. However, reports are only useful if management finds time to analyze them and investigate anomalies. Supervisory review takes on many forms, including observation, test counts, inquiry, and task replication.
3. Job Descriptions
Another basic control is maintaining detailed, up-to-date job descriptions. This exercise can help you better understand how financial job duties interact with one another. It also can highlight possible conflicts of interest that could lead to improper recordkeeping.
Your policies should call for job segregation, job duplication, and mandatory vacations. For example, the person who receives customer payments should not also approve write-offs (job segregation). In addition, two signatures should be required for checks above a prescribed dollar amount (job duplication).
It is important to confirm during the annual review whether employees are aware of internal control policies and procedures — and whether they are being strictly followed. At some organizations, certain internal controls procedures have been suspended while employees are working remotely during the COVID-19 pandemic.
No Time Like the Present
For many businesses and non-profits, the pandemic has slowed operations. Unfortunately, times of financial distress also may entice some employees to exaggerate financial results or even commit fraud. We can help you identify potential weaknesses and — regardless of whether your organization is large or small — find cost-effective ways to reinforce your controls.