Estimates show that over 5% of all revenue is lost to fraud and theft each year. The numbers are staggering - odds are if you have not experienced it, you will.
One of the best ways to prevent fraud and theft is to implement a system of internal controls (though no system of internal control can prevent all fraud and theft). We have developed a comprehensive checklist of internal controls you should be using, but here are our top 5:
- Reconciliation of Balances and Records – Reconciliation is the process of ensuring that two or more sets of records agree. This is commonly performed in association with bank statements, credit card statements and petty cash balances to ensure money leaving the accounts is captured correctly in the accounting record and matches the actual, valid use of the funds. Reconciliations are not limited to cash accounts only, but may also be applied to any two or more sets of records. It is important to independently maintain the integrity of each record and investigate differences.
- Separation of Duties – The separation of duties concept prevents the designation of responsibility to only one person for the acquisition of assets, their custody, and the related record keeping. For example, one person can place an order to buy an asset, but a different person must record the transaction in the accounting records. The best internal control practices disperse the critical functions of a particular business process to more than one person or department. It is also a good idea to periodically rotate the roles so the same person is not always performing the same functions. A new set of eyes can help identify irregularities.
- Review and Approval - When a process is performed, there should always be another level of review and approval performed by a knowledgeable individual independent of the process. The reviewer should be able to identify errors and omissions, and the approval should be documented to verify that a review has been completed. Review and approval help to reduce uncorrected errors, irregularities and inaccurate or incomplete information in accounts and records. Approved transactions should also be reviewed after the fact to ensure they were executed as intended.
- Access To and Physical Control Of Assets (Safeguarding) – It’s common sense to lock down certain physical assets, such as inventory or petty cash, but financial assets such as computers, printed bank statements and blank check stock should also be secured. Accounting systems are also financial assets of an organization. Access to your systems should be restricted to authorized personnel and all avenues of access should be password protected. The accounting system should be properly backed up on a regular, scheduled basis to prevent loss.
- Set the Control Environment – Often referred to as the “tone at the top”. It is critical to the success of any internal control environment to let employees know from the top down that there are policies and procedures in place and adherence to them will be enforced. A system of internal control can be well designed, but if the employees do not actually follow those procedures, there is no benefit to the organization.
Benjamin Franklin famously said: “An ounce of prevention is worth a pound of cure.” Nowhere is this truer than the implementation and adherence to internal controls. If you have questions about implementing internal controls, or believe you may already be the victim of fraud or theft, let’s talk. Our audit professionals have experience with small to large size businesses, corporations and non-profits. We’re here to help – contact us today.