It’s Time to Reassess your Internal Controls

Given the post-pandemic new world order, in which employees are more often working remotely, your internal controls may need an overhaul – or at least a second look, to be sure they are accomplishing what they were intended to do.

Internal controls are a set of principles, procedures and practices to ensure your organization can prevent and/or detect errors or fraud.

Conduct a risk assessment.

When reviewing internal controls, start by considering high risk areas in your organization. These will often involve high-dollar-value transactions. Start by asking the question, “What could go wrong?” Focus on high-risk areas, such as cash disbursements, wire transfers, cash receipts and payroll. Then identify the internal controls that are in place to prevent or detect errors or fraud in each of the risks identified. Finally, determine if those internal controls are being followed and if proper monitoring is in place.

Evaluate existing policies and procedures.

If you haven’t revised your organization’s Policies and Procedures Manual in the last year, now is a good time to review it. Since the pandemic, many things have likely changed. How are accounting tasks reviewed and approved under your organization’s current work structure? Is there proper management oversight for each area of activity? Where is there potential for employees to commit fraud?

Ensure proper segregation of duties.

All organizations should attempt to separate functional responsibilities to ensure that errors, intentional or unintentional, cannot be made without being discovered by another person.

By definition, segregation of duties means there should be at least two sets of eyes on every transaction. No one individual should initiate a transaction, approve and record a transaction and/or handle the related asset.

For example, you would not assign one individual to print checks, reconcile the bank statement, open mail and make deposits.

When it comes to payroll, different individuals would be responsible to add employees to the system, change pay rates and process the payroll. This will prevent an employee from carrying out malicious acts such as adding a fictitious person to the payroll or increasing their own pay rate. Also, be sure there is management supervision when it comes to changing banking information related to payroll.

Thwart phishing attempts.

Phishing attacks are on the rise. Be sure to define who in your organization is authorized to change banking information, transfer money or initiate wire transfers.

Also, make it standard practice that, in the event someone receives an email requesting a change of banking information, he or she calls the vendor or employee to verify it. Never accept such requests solely via email.

Harness technology to curb fraud.

There are many software platforms available that help prevent fraudulent behavior.

For example, Positive Pay, a cash management service used by many banks, matches the dollar amount of each check presented for payment, the check number and the account number against checks that have been previously authorized and issued by the organization. If these three components don’t correspond, the bank will not pay the check.

Bill.com is a business payment platform that automates accounts payable and accounts receivable processes. It enables users to define multiple approvals on bills so the same person who codes the bills doesn’t pay them. Authorized individuals can approve bills through the mobile app and easily see who paid which bills and submitted which payments.

Monitor and test your internal controls.

If left unmonitored, internal controls may deteriorate over time. And there is no sense putting policies and procedures in place if you’re not periodically checking to be sure they are operating as intended. That’s why it’s important to conduct spot checks on how well employees are following procedures.

As a best practice, supervisors should periodically walk through transaction recording processes to verify that employees are adhering to all required steps and should review financial reconciliations as a normal part of processing. As an added measure, depending on the size of the organization, a periodic internal audit may be beneficial.

__________

Small and mid-sized businesses may be more vulnerable to fraud than larger organizations because there tend to be fewer employees conducting transactions and fewer internal controls in place.

However, when you outsource your accounting function to ARI, you can take comfort in knowing that all tasks are handled by an impartial, external team of accountants that reviews all transactions and will alert you if they detect questionable activity.

But that’s just one of the benefits of outsourcing your accounting. Here are nine more.

If you’d like to explore whether ARI is the right solution for your accounting needs, contact us today.