Internal Controls NAPPA FALL DISTRICT MEETING OCTOBER 24, 2014 LEE RAY – HUNTSVILLE UTILITIES Internal Controls Agenda Internal Controls – Definitions and Overview Why Have Internal Controls? Fraud Triangle Payroll Cash and Accounts Receivable Accounts Payable Financial Reporting Protect Your Organization Internal Controls Sources Internal Controls – Wikipedia 2012 U.S. Fraud Examiners Manual - ACFE Fraud Examination – Albrecht, Albrecht, Albrecht, Zimbelman Fraud Auditing & Forensic Accounting - Dr. Tommie Singleton, A Singleton Bologna & Lindquist Internal Controls Internal control is the process designed to ensure reliable financial reporting, effective and efficient operations, and compliance with applicable laws and regulations. Safeguarding assets against theft and unauthorized use, acquisition, or disposal is also part of internal control. Control environment. The management style and the expectations of upper‐level managers, particularly their control policies, determine the control environment. An effective control environment helps ensure that established policies and procedures are followed. The control environment includes independent oversight provided by a board of directors and, in publicly held companies, by an audit committee; management's integrity, ethical values, and philosophy; a defined organizational structure with competent and trustworthy employees; and the assignment of authority and responsibility. Internal Controls Control activities. Control activities are the specific policies and procedures management uses to achieve its objectives. The most important control activities involve segregation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, and independent checks on performance. Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. Having different individuals perform these functions creates a system of checks and balances. Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action. An example would be having dollar approval levels for purchase orders. Internal Controls Adequate documents and records provide evidence that financial statements are accurate. Controls designed to ensure adequate recordkeeping include the creation of invoices and other documents that are easy to use and sufficiently informative; the use of pre-numbered, consecutive documents; and the timely preparation of documents. Physical control over assets and records helps protect the company's assets. These control activities may include electronic or mechanical controls (such as a safe, employee ID cards, fences, cash registers, fireproof files, and locks) or computer-related controls dealing with access privileges or established backup and recovery procedures. Independent checks on performance, which are carried out by employees who did not do the work being checked, help ensure the reliability of accounting information and the efficiency of operations. In order to identify and establish effective controls, management must continually assess the risk, monitor control implementation, and modify controls as needed. Internal Controls Why do Companies have internal controls? Lack of proper internal controls provides the opportunity for fraud. Fraud cost the organization money Some estimate fraud losses to be 5% of revenue Recover of frauds losses is less than 50% Damage goes beyond dollars and cents Reputation Loss of public confidence Sagging staff morale Distraction from the mission Why do people commit fraud ? The Fraud Triangle – Donald R. Cressey Perceived opportunity Perceived pressure Rationalization Payroll Segregation of duties – No one should have access to the HR employee records and the payroll records. Payroll approval – the payroll register/file should be reviewed by the HR Director and the Controller. Ghost employees Added to payroll, posted time and rate data, payroll check produced, and check delivered. Manipulated time records – Altering pay rate and time Tools Compare the HR employee records to the payroll records. Review records for duplicate or lack of SSAN’s, bank account numbers, addresses, phone numbers. Look for employees without deductions for benefits. Audit rates of pay by comparing payroll records to source documents in HR. Cash & Accounts Receivable Altering bank deposits Check for currency substitutions Lapping customer payments Lapping deposits Forging checks received Granting bogus credits or account adjustments Tools All bank accounts should be reconciled by an independent party. Deposits should counted by two employees and made by an independent party. Employees receiving payments should not post customer accounts. Watch for cash payments. Perform surprise cash counts. Customer credits should be properly apporved Accounts Payable Fictitious vendors Personal bills Unauthorized use of purchasing cards Tools Vet new vendors – Check vendors to yellow pages, online, Google maps, and require a physical address. Limit who can add new vendors, should be segregated from invoice approval and payment processing. Install positive pay with your bank. AP check runs should be approved by a senior accountant or controller. Payment reports should be sent to managers for review. Wire transfers/ACH should require two person control. Compare vendor addresses to employee addresses Review for vendor invoice numbers in sequence or unusual numbers Purchasing Cards P-Cards are dangerous - Unauthorized use of P-Cards Purchase of personal items, taking employees to lunch Unusual travel expenses Red Flags Unusual or unexplained increases in P-Card purchases Purchases of unusual items Pattern of purchases just below review or approval Tools Limit and properly authorize the issue of P-Cards Place dollar limits by transaction, daily, monthly Use approved merchant lists and prohibited merchant lists P-Card expense reports should be reviewed and approved by managers. Required detailed receipts, Financial Reporting All journal entries should be approved and supported. Use a closing checklist for journal entries and required actions that is signed by the senior accountant and controller each month. General ledger accounts should be reconciled to supporting documents each month. Ensure proper cut-off for accounts receivable, accounts payable, fixed assets, and inventory. Red Flags Recording expenses as assets. Unusual or explained increases in assets (inventory, receivables, and fixed assets). Unreasonable increase in gross margin. Unusual growth in revenue. Protect you organization Set the “Tone at the Top” Review internal controls at least annually Accomplish a fraud risk assessment Hire the right people Questions ?