Auditors are well aware of the concept of internal control, as are many organizations, both for-profit and nonprofit. However, this idea can occasionally be overlooked or its importance underestimated by organizations, leading to potentially devastating consequences. From an accounting standpoint, internal control refers to the framework of processes in place related to an entity’s finances, meaning not only the financial reporting process but also safeguarding of assets. Auditors consider an entity’s internal control in designing audit procedures, and not surprisingly, lack of internal control makes auditors more skeptical, requiring increased audit procedures.
A look at two of the key internal control components will help you in evaluating whether your company or organization’s internal control is up to speed. Good internal control serves as an effective deterrent against not only fraud but also unintentional errors. While all frauds require intent of a perpetrator to commit, poor internal control often provides the opportunity for frauds to become reality. An effective internal control setup can often prevent frauds or detect them before significant damage has been done.
- Control environment – What is the tone at the top? Do employees truly feel that top management is ethical? Does the organization have a formal code of conduct recognized by all employees? Is the code of conduct enforced by management, meaning if something is done that is not in line with the code, there are consequences?
- Control activities – Does the entity understand the importance of segregation of duties? Is one person responsible for receiving cash, posting to the general ledger, preparing a deposit slip and taking the cash to the bank? Who reconciles the bank account, and who reviews this? Who is able to post journal entries to the accounting system? Who is able to change pay rates and add employees to the payroll? Who approves expense reports? Who has access to blank checks?
Answering these questions may help to locate areas of your company or organization’s internal control that could be improved. Each of these questions relates to opportunities in which numerous frauds have occurred. And yes, the perpetrator can be that most trusted employee you’d never suspect! Additionally, unintentional errors may occur, specifically in the bookkeeping and financial reporting roles, and without a good system of internal controls, these misstatements can go undetected.
It’s not too early to evaluate your company or organization’s internal control. You could save yourself future problems by doing this. And your auditor will appreciate it!
ABOUT THE AUTHOR
Brian W. Rosenberg, CPA
Brian has over 15 years of public accounting experience and specializes in providing accounting and auditing services to companies in a variety of industries. His responsibilities include planning, performing, and supervising audits, reviews, and compilations and presenting results to owners and audit committees.