Have you thought about ways to make your entity more efficient and secure? By understanding the elements of internal controls and the implementation of these controls, you will be able to do just that.
Properly designed internal controls have the ability to mitigate risk and help an entity carry out managements directives. When designing internal controls, the control environment and control activities should be considered.
The control environment sets the tone of an organization, influencing the conscience of its employees. It is the base for all other components of internal control, providing discipline and structure. Control environment factors include the following:
Commitment to competence
Effective controls require dedication and adherence to the implemented controls by employees and management.
Human resource policies and practices
An entity can mitigate control difficulties relating to new employees by implementing sound hiring and training policies for employees.
A company that operates internationally or has several business lines has different internal control challenges than one operating entirely within a single business unit or location. Consider the structure of your organization, and determine risks related to the roles and responsibilities of employees and management in a small business environment vs. a large business environment.
Philosophy of management
Management’s belief in the importance of a strong control environment will affect the attitude of the employees responsible for carrying out the controls. Tone at the top, or the ethical values held by management, sets the precedent for attitude and responsibility for all employees.
Controls should be assigned to separate employees with the proper level of authority. It is important to ensure that the responsibilities align with the employee’s position and any one employee does not have too much power.
Control activities are the policies and procedures implemented to help ensure that management directives are carried out. Examples of control activities are as follows:
Review of financial performance
Reviewing company performance is the way management can view, at a high level, financial trends, financial anomalies, profits, losses, spending patterns, performance ratios, successes and failures. Reviewing financial performance can also alert company management to fraud; such as misappropriation of assets and fraudulent financial reporting. Examples of financial performance reviews can include: budget vs. actual results, prior year to current year comparisons, and financial to non-financial results.
How the company’s financial information is processed within its accounting software is the foundation for financial accounting and reporting. The activities associated with data entry must have effective and efficient controls and these controls must be closely monitored.
Access to assets should be designated to certain employees and restricted to limit opportunities for theft and fraud.
Segregation of duties
Segregating duties between employees reduces the opportunity for any one person to be in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. Segregating the following responsibilities is a great first step to fraud mitigation:
- Authorization of transactions
- Recording or posting of transactions
- Custody of assets
- Reconciliations or comparisons of bank statements
For additional support or general questions about strengthening your internal controls, feel free to contact Kristi Yanover, Audit Partner, at 858-558-9200 or any member of our Accounting & Assurance Team; we would be happy to assist you. Also, stay tuned for next month’s article on implementation and monitoring internal controls.