Tightening Internal Controls can
Protect your Company
By Reggie Novak, Senior Manager, CPA, CFE, Ciuni & Panichi, Inc.
In today’s fast-moving marketplace, businesses face numerous challenges, including management of security risks and fraud. From a breach in online security to misuse or theft of company funds, organizations are susceptible to both internal and external acts of fraud. Small businesses can be the most prone to risk because they often do not have adequate protections in place to guard their assets. The best method to aid in the detection and prevention of fraud, as well as protect your company’s assets, employees, and customers, is to establish an effective system of internal controls. The following internal controls can help all organizations fight the good fight against the risk of fraud:
1. Segregate duties. The duties of authorization (signing a check or releasing a wire transfer), custody (having access to the blank check stock or the ability to establish a wire transfer), and recordkeeping (ability to record the transaction in the accounting system) should be separated so that one individual cannot complete a transaction from start to finish. For many businesses, proper segregation of duties can be difficult to achieve. In these instances, company owners may want to consider having the bank statements delivered to them directly and unopened. The owners should then review the bank statements and the check images for any transactions that appear unusual, and follow up on these transactions to obtain an understanding of them.
2. Review authorized signors. Carefully consider who your authorized signors are (authorization of the transaction). Those individuals should not have access to the blank check stock (custody of the asset) nor have the ability to enter the transaction into the accounting system (recording of the transaction). The use of a signature stamp, although efficient, may be problematic in that you must have separate controls to ensure that the stamp is not readily available for inappropriate use.
3. Consider requiring dual signatures. Your company may also want to consider the use of dual signatures. A dual signature policy includes the establishment of a dollar threshold over which checks require two signatures. The utilization of dual signatures establishes an element of segregation of duties for disbursements over a specified dollar threshold in that these disbursements require more than one individual to authorize the transaction.
4. Controls over wire transfers. The use of wire transfers has increased significantly over the years, and segregation of duties around wire transfers is paramount. The responsibilities for establishing a wire transfer should be segregated from the responsibility of releasing the wire transfer. If this segregation is not possible, consideration should be given to using a call-back procedure in which the financial institution will call a specified individual when a wire transfer is initiated. Most important, the call back cannot go to any individual who is able to initiate a wire transfer.
5. Reconcile bank accounts in a timely manner. The bank reconciliation process should be completed in a timely manner by someone who is independent of the cash disbursement process. The bank reconciliation process should also include a review of the bank statement and the check images that are returned with the bank statement for unusual transactions. Any unusual items should be investigated and evaluated when necessary.
6. Utilize controls offered by your banks or financial institutions. Many banks offer services, such as positive pay, that can provide your business with the added assurance that bank transactions are properly authorized. With positive pay for ACH transactions, a bank matches the details of ACH payments with those on a list of legitimate and expected payments provided by the account holder. Only authorized ACH’s are allowed to be withdrawn from the account and exceptions are reported to the customer for review.
7. Controls over your vendor list and payments. Implementing controls such as requiring vendors to sign a code of conduct annually, ensuring the vendor set-up process incorporates segregation of duties, and implementing check validation of select vendor payments can help deter and detect fraudulent activities.
For more information contact Reggie Novak at 216-831-7171 or rnovak@cp-advisors.com.
Reggie is a Senior Manager in the Audit and Accounting Services Group. As a Certified Fraud Examiner, Mr. Novak can assist you with prevention services, including recommending internal controls and other measures to be implemented to prevent theft or misappropriation. If fraud is suspected, he can investigate and present his findings and recommendations.