Architects & Engineers Articles -
Internal Controls -
Why Negligence, Ignorance, and Outdated Policies Could be Affecting Your Bottom Line
What are internal controls?
Internal controls are the policies and procedures that protect your firm’s assets, create reliable financial reporting, promote compliance with laws and regulations and achieve effective and efficient operations. They include firm procedures for handling the funds you receive and disburse in your normal business operations, preparing financial statements for the executive committee and directors, evaluating internal operations, and implementing personnel and conflict-of-interest policies. Your auditor, when looking at your company, needs to verify that the proper controls are in place.
Internal controls are important aids to the effective management of business activities, and, therefore, key factors in an audit. Formal written policies and procedures for internal controls provide the proper framework for employees to carry out their duties while establishing accountability for their actions. By reviewing and testing the company’s internal controls, your auditor might identify some areas that warrant improvement or contain deficiencies you weren’t aware of.
Segregate for safety
The receipt of cash and checks by firm personnel calls for segregation of duties. The person who opens the mail should be different from the individual who prepares the listing of checks and cash received, and neither of them should be the one who applies receipts against open accounts receivable. Also, all checks received should be endorsed with a stamp that includes your firm name, financial institution, account number and the words “For Deposit Only.”
Similarly, safeguards should be in place before funds are disbursed from your firm’s operating account. All check requests should have an approved signature authorizing the disbursement, and supporting receipts and documentation should be attached. Original invoices should be required and, to prevent resubmission, stamped “paid” once the check is cut. Never process or sign blank checks for anyone, and require two signatures for checks over a specified limit — such as $1,000. In many firms, one signature must be that of the director or a financial-matters designate. Also, use prenumbered documents to ensure your financial staff properly records authorized transactions.
Finally, consider diversifying your company’s job duties to the logical extreme. For instance, to viably separate your accounting personnel’s duties, make sure key oversight responsibilities go to nonaccounting personnel. Such duty separation assignments will make your business less vulnerable to asset misappropriation and fraud.
Today’s Technology and Your Firm’s Money
Internal controls are also needed for the ever-changing technology issues that most companies face. In light of the new systems that have become prevalent (such as wireless communications), you may need additional policies and procedures to ensure your firm’s privacy and protect the integrity of your data.
These controls could include activity logs, mandatory periodic password changes, and physical controls over computers and handheld devices.
For cash controls, it’s important to keep up with today’s changing banking technology. The “positive pay” process allows you to approve the checks presented on your account each day or provide the bank with a list of the checks written and the intended payees to prevent unauthorized payments.
With electronic payments becoming increasingly common, consider controls to ensure that only authorized payments are made. For instance, you may want to use separate bank accounts for your electronic transactions, such as having all payroll transactions handled via one account.
Show them the money
Monthly, or at least quarterly, financial statements — including a balance sheet, income statement and summary of cash flows — should be distributed to and reviewed by your executive committee and all directors. The committee should also review the current financial statements against prior year and against the current year budget.
Save your policies; save your firm
One essential (and often overlooked) internal control is the continual review and revision of internal controls. All of your internal policies and procedures — including hiring, vacation and sick leave, health insurance and other benefits, performance evaluations, ordinary and overtime compensation, conflict of interest, code of ethics, and review of associates’ legal work — should be in writing and given to all employees upon hiring, with changes communicated on a regular basis. Lack of clear policies in these areas can represent significant risks to any firm.
Your company’s fraud prevention policies are good only if enforced. Establish proper authorization channels with policies and procedures, and properly document both to provide a good audit trail.
Recognize the importance
Following the Enron situation, and with the advent of the Sarbanes-Oxley Act, auditors are spending more time testing and inquiring about internal controls. Meanwhile, upper management is being handed more responsibility regarding these policies and procedures.
Internal controls used to be left to the accounting staff. But if there’s one clear lesson from the corporate financial scandals, it is that owners and management must actively involve themselves in the implementation and execution of these critical processes.
Business owners often give three basic excuses for not implementing better internal controls: 1) They don’t have enough staff to adequately segregate job duties, 2) They believe establishing an ideal control environment would be too expensive, or 3) They trust their employees enough not to feel threatened by fraud. In reality, each of these arguments represents a pitfall that could cost these companies a fortune in lost money, wasted time and diminished morale.
Fact is, valid counterarguments exist for virtually any contention against internal controls. For instance, you can address the problem of not having enough staff or other resources via outsourcing or simply more carefully guarding business functions. And if internal controls seem too expensive, bear in mind that fraud’s full cost goes far beyond lost funds or equipment: You also need to consider the expense of time spent investigating the matter and of finding, training and hiring a new employee.
Last is the issue of employee trust. Sure, most workers are trustworthy and responsible. But though openly recognizing this fact should play a key role in your employee relations, you must remain objective as well. Sadly, often the most trusted employee commits fraud.
Does this sound like your company? If you have a “wait-and-see” attitude toward internal controls, an auditor is likely to assess the risk of material misstatement as high. Fraud perpetrators may under report income or misappropriate assets in an attempt to defraud management or mislead you regarding your company’s financial situation. Perpetrators of fraud have also been known to inflate income and assets to increase a firm sale price or gain higher compensation.
Keeping these policies and procedures up to date not only can help prevent fraud and assure your firm’s financial integrity, but may also boost your bottom line.
Find out how our expertise in accounting for architects and engineers can add value to your business. Email us or call us at 1 (888) 875-9770.
related links
A&E Newsletters & Articles
Tax News and Business Updates
PODCAST: Overhead Rates, State Agency Updates and Best Practices for Engineers |
