Internal controls are a system of policies and procedures organizations put in place to protect assets and improve operating efficiency. Effective internal controls are critical to accurate financial reporting. A solid system of controls can help prevent, detect and correct financial misstatements due to errors and fraud.
Internal and external risk factors evolve over time. So, upon completion of the year-end financial statements, managers and internal auditors should reassess whether internal controls are up to snuff and brainstorm ways to solidify controls. Start your annual assessment with the following three basic controls:
- Physical restrictions. Employees only should have access to those assets necessary to perform their jobs. Locks and alarms are examples of ways to protect valuable tangible assets, including petty cash, inventory and equipment. But intangible assets — such as customer lists, lease agreements, patents and financial data — also require protection with controls including passwords, access logs and appropriate legal paperwork.
- Account reconciliation. Management should confirm and analyze account balances on a regular basis. To illustrate, strong organizations reconcile bank statements and count inventory on a regular basis. Waiting until year-end to complete these basic procedures is a potential red flag of weak oversight. Interim financial reports, such as weekly operating scorecards and quarterly financial statements, also keep management informed. But reports are only useful if management finds time to analyze them and investigate anomalies. Supervisory review takes on many forms, including observation, test counts, inquiry and task replication.
- Job descriptions. Another basic control is maintaining detailed, up-to-date job descriptions. This exercise can help you better understand how financial job duties interact with one another. It can also highlight possible conflicts of interest that could lead to improper recordkeeping.
Your policies should call for job segregation, job duplication and mandatory vacations. For example, the person who receives customer payments should not also approve write-offs (job segregation). And two signatures should be required for checks above a prescribed dollar amount (job duplication).
It’s important to confirm during the annual review whether employees are aware of internal control policies and procedures — and whether they’re being strictly followed. At some organizations, certain internal controls procedures have been suspended while employees are working remotely during the COVID-19 pandemic.
No time like the present
For many businesses and not-for-profits, the pandemic has slowed operations. Unfortunately, times of financial distress may also entice some employees to exaggerate financial results or even commit fraud. Our auditors have seen the best (or worst) in internal control practices. We can help you identify potential weaknesses and — regardless of whether your organization is large or small — find cost-effective ways to reinforce your controls.