Internal Controls

NAPPA FALL DISTRICT MEETINGOCTOBER 24, 2014

LEE RAY – HUNTSVILLE UTILITIES

Internal ControlsAgenda

Internal Controls – Definitions and Overview

Why Have Internal Controls?

Fraud Triangle

Payroll

Cash and Accounts Receivable

Accounts Payable

Financial Reporting

Protect Your Organization

Internal ControlsSources

Internal Controls – Wikipedia

2012 U.S. Fraud Examiners Manual - ACFE

Fraud Examination – Albrecht, Albrecht, Albrecht, Zimbelman

Fraud Auditing & Forensic Accounting - Dr. Tommie Singleton, A Singleton Bologna & Lindquist

Internal Controls

Internal control is the process designed to ensure reliable financial reporting, effective and efficient operations, and compliance with applicable laws and regulations. Safeguarding assets against theft and unauthorized use, acquisition, or disposal is also part of internal control.

Control environment. The management style and the expectations of upper‐level managers, particularly their control policies, determine the control environment. An effective control environment helps ensure that established policies and procedures are followed. The control environment includes independent oversight provided by a board of directors and, in publicly held companies, by an audit committee; management's integrity, ethical values, and philosophy; a defined organizational structure with competent and trustworthy employees; and the assignment of authority and responsibility.

Internal Controls Control activities. Control activities are the specific policies and procedures

management uses to achieve its objectives. The most important control activities involve segregation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, and independent checks on performance.

Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. Having different individuals perform these functions creates a system of checks and balances.

Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action. An example would be having dollar approval levels for purchase orders.

Internal Controls

Adequate documents and records provide evidence that financial statements are accurate. Controls designed to ensure adequate recordkeeping include the creation of invoices and other documents that are easy to use and sufficiently informative; the use of pre-numbered, consecutive documents; and the timely preparation of documents.

Physical control over assets and records helps protect the company's assets. These control activities may include electronic or mechanical controls (such as a safe, employee ID cards, fences, cash registers, fireproof files, and locks) or computer-related controls dealing with access privileges or established backup and recovery procedures.

Independent checks on performance, which are carried out by employees who did not do the work being checked, help ensure the reliability of accounting information and the efficiency of operations.

In order to identify and establish effective controls, management must continually assess the risk, monitor control implementation, and modify controls as needed.

Internal ControlsWhy do Companies have internal controls?

Lack of proper internal controls provides the opportunity for fraud.

Fraud cost the organization money

Some estimate fraud losses to be 5% of revenue

Recover of frauds losses is less than 50%

Damage goes beyond dollars and cents

Reputation

Loss of public confidence

Sagging staff morale

Distraction from the mission

Why do people commit fraud ?

The Fraud Triangle – Donald R. Cressey

Perceived

pressure

Rationalization

Perceived

opportunity

Payroll Segregation of duties – No one should have access to the HR employee records and the payroll records.

Payroll approval – the payroll register/file should be reviewed by the HR Director and the Controller.

Ghost employees

Added to payroll, posted time and rate data, payroll check produced, and check delivered.

Manipulated time records – Altering pay rate and time

Tools

Compare the HR employee records to the payroll records.

Review records for duplicate or lack of SSAN’s, bank account numbers, addresses, phone numbers.

Look for employees without deductions for benefits.

Audit rates of pay by comparing payroll records to source documents in HR.

Cash & Accounts Receivable Altering bank deposits

Check for currency substitutions

Lapping customer payments

Lapping deposits

Forging checks received

Granting bogus credits or account adjustments

Tools

All bank accounts should be reconciled by an independent party.

Deposits should counted by two employees and made by an independent party.

Employees receiving payments should not post customer accounts.

Watch for cash payments.

Perform surprise cash counts.

Customer credits should be properly apporved

Accounts Payable Fictitious vendors

Personal bills

Unauthorized use of purchasing cards

Tools

Vet new vendors – Check vendors to yellow pages, online, Google maps, and require a physical address.

Limit who can add new vendors, should be segregated from invoice approval and payment processing.

Install positive pay with your bank.

AP check runs should be approved by a senior accountant or controller.

Payment reports should be sent to managers for review.

Wire transfers/ACH should require two person control.

Compare vendor addresses to employee addresses

Review for vendor invoice numbers in sequence or unusual numbers

Purchasing Cards

P-Cards are dangerous - Unauthorized use of P-CardsPurchase of personal items, taking employees to lunchUnusual travel expenses

Red Flags Unusual or unexplained increases in P-Card purchases Purchases of unusual items Pattern of purchases just below review or approval

Tools Limit and properly authorize the issue of P-Cards Place dollar limits by transaction, daily, monthly Use approved merchant lists and prohibited merchant lists P-Card expense reports should be reviewed and approved by

managers. Required detailed receipts,

Financial Reporting All journal entries should be approved and supported.

Use a closing checklist for journal entries and required actions that is signed by the senior accountant and controller each month.

General ledger accounts should be reconciled to supporting documents each month.

Ensure proper cut-off for accounts receivable, accounts payable, fixed assets, and inventory.

Red Flags

Recording expenses as assets.

Unusual or explained increases in assets (inventory, receivables, and fixed assets).

Unreasonable increase in gross margin.

Unusual growth in revenue.

Protect you organization Set the “Tone at the Top”

Review internal controls at least annually

Accomplish a fraud risk assessment

Hire the right people

Questions ?