Internal Controls with Limited Staff

1
Internal Controls with Limited Staff

• Presented by
• William Hart, CPA
• Vice President
• Protean Technologies
• Tomorrows Technology Today

2
AGENDA

• What are Internal Controls?
• The Three Internal Control Categories
• The Five Interrelated Components
• Control Activities
• One Component in Detail
• Sales/Accounts Receivables Transaction Profile
  
• Purchasing/Accounts Payable Transaction Profile
• Considerations for Limited Staff
• Safeguards for Small Organizations
• Conclusion Q A

3
What are Internal Controls?

• Internal Controls is broadly defined as a
  process affected by an entitys governing board,
  management, and other personnel, designed to
  provide reasonable assurance regarding the
  achievement of objectives in three categories.

4
Three Internal Control Categories

• Effectiveness and Efficiency of Operations
• An entitys basic organizational objective,
  including performance goals and safeguarding of
  resources.
• Reliability of Financial Information
• Preparation of reliable published financial
  informational statements and selected financial
  data.
• Compliance with Applicable Laws and Regulations
• Complying with laws and regulations to which an
  entity is subject.

5
The Five Interrelated Components

• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring

6
Control Environment

• The control environment sets the tone of an
  organization. It is the foundation of all other
  components, providing discipline and structure.
  Control Environment factors include
• Integrity
• Ethical Values
• Competence of Staff
• Management Philosophy
• Assignment of Authority and Responsibility
• Direction provide by the Governing Board

7
Risk Assessment

• The identification and analysis of relevant
  risks to achievement of the organizations
  objectives.
• Risks may be internal or external.
• Risks must be re-evaluated as circumstances
  change.

8
Control Activities

• The policies and procedures that help ensure
  management directives are carried out.
• They help ensure that necessary actions are
  taken to address risks to achievement of the
  organizations objectives.
• Occur at all levels and functions throughout the
  organization.
• Activities as diverse as
• Approvals
• Authorizations
• Verifications
• Reconciliations
• Segregation of Duties

9
Information and Communication

• Information must be identified and communicated
  timely to enable staff to carry out their
  responsibilities.
• External events, activities, and conditions as
  well as internal issues must be communicated
• Information must flow up, down, and across the
  organization.
• All personnel must receive a clear message from
  management that control responsibilities must be
  taken seriously.

10
Monitoring

• Internal Control Systems must be monitored.
• Monitoring can be ongoing, a separate
  evaluation, or a combination of the two.
• Ongoing monitoring occurs in the course of
  operations.
• The scope and frequency of the separate
  evaluation depends upon risk assessment and the
  effectiveness of the ongoing monitoring
  procedures.

11
Control Activities (in depth)

• Policies and procedures the help ensure
  management directives are carried out.
• Actions taken to minimize risk.
• May be formal or informal.
• Examples
• Segregation of Duties
• Review Procedures
• Authorization Controls

12
Segregation of Duties

• Authorization to Execute Transaction
• Transaction execution belongs to staff having the
  authority and responsibility to initiate the
  transaction.
• Recording Transactions
• Refers to the accounting and record-keeping
  function whether manual or computerized. If
  computerized, may be part of transaction
  execution.
• Custody of Assets
• Refers to actual physical possession or effective
  physical control of assets including cash,
  inventory, supplies, computer programs and data.
• Verification/Reconciliation
• Needs to be done at least monthly.
• Personnel preparing the reconciliation should not
  be involved in the transaction initiation.

13
Review Procedures

• Validity
• Refers to controls designed to ensure recorded
  transactions are those that should have been
  recorded.
• Completeness
• Refers to controls designed to ensure valid
  transactions are not omitted from the accounting
  records.
• Authorization
• Refers to controls intended to ensure
  transactions are approved before they are
  recorded.
• Classification
• Refers to controls intended to ensure
  transactions are recorded in the right accounts
  and charged/credited to the right
  vendor/customer.
• Proper Period
• Refers to controls over accounting for
  transactions in the period in which they occur.

14
Sales/Accounts Receivable

• A typical sales/accounts receivables transaction
  may involve the following activities
• Credit
• Sales
• Accounts Receivable
• Inventory/Shipping
• Billing
• Cash Receipts
• Bank Deposits
• Bank Reconciliation

15
Purchasing/Accounts Payable

• A typical purchasing/accounts payable
  transaction may involve the following activities
• Ordering
• Purchasing
• Accounts Payable
• Receiving/Inventory
• Cash Disbursements
• Bank Reconciliation

16
Considerations for Limited Staff

• If possible each activity should be performed by
  a different employee.
• Cash custody should be independent of receipts,
  disbursements and the recording function.
• G/L personnel should be independent of custody,
  receipts, disbursements, and as many other
  activities in the transaction process as
  possible.
• Personnel making bank deposits should be
  independent of cash custody, receipts,
  disbursements, and bank reconciliations.
• In small organizations, it is more likely there
  may be insufficient personnel to allow the
  various activities to be performed by the
  recommended number of independent personnel.

17
Considerations for Limited Staff

• As separation of duties becomes less possible
  more emphasis must be placed on
• Review of Supporting Documentation.
• Limiting access to facilities/assets.
• Transaction Authorization.
• Departmental Reconciliation.
• Independent verification by internal/external
  auditors.

18
Safeguards for Small Organizations

• General Safeguards
• Organizational Chart up to date.
• Ethics and policies have been documented and
  adopted.
• Documented Procedures.
• Employees who handle cash, checks, etc. are
  bonded.
• Vacations are required.
• Budgets are used and variances investigated.
• Special entries require management approval.
• Reports issued to departments for monthly
  reconciliation.

19
Safeguards for Small Organizations

• Sales/AR Safeguards
• Restrictive endorsements are placed on checks and
  a list of payments received is prepared.
• Payments received list is verified against daily
  deposit and cash receipts journal.
• Pre-numbered transactional documents are prepared
  for each sale transaction.
• Statements/billings are generated at least
  monthly.
• Personnel independent of the sales cycle
  review/authorize customer discounts, refunds, and
  credit memos.
• Aged accounts receivable are reviewed by
  supervisory personnel at least monthly.

20
Safeguards for Small Organizations

• Purchasing/AP Safeguards
• Pre-Numbered documents (requisitions, purchase
  order, invoices, etc) are utilized.
• All purchases are completed utilizing an
  authorized document.
• Receiving report is prepared for the receipt of
  all goods.
• Invoice processing matches purchase order,
  receiving report, and vendor invoice prior to
  payment processing.
• Personnel independent of the purchasing cycle
  review/authorize vendor discounts, refunds, and
  credit memos.
• Two signatures required on warrants, sight
  drafts, or checks over a stated amount.
• Vendor Invoices sent directly to the A/P or
  Accounting Department

21
System Safeguards

• General Safeguards
• User access tracking.
• Tracking data inserts, modifications, and
  deletes.
• Limiting access to necessary system areas.
• Keeping userids and passwords secure.
• Periodically testing security roles.

22
System Safeguards

• Sales/AR Safeguards
• Cash receipt only with application to a customer
  account.
• Restricted access to customer credit memos and
  adjustments.
• Approval prior to posting to the G/L.
• Customer statements e-mailed directly to
  customer.

23
System Safeguards

• Purchasing/AP Safeguards
• Automated workflows and approvals with
  notification.
• Purchase Order to Receipt to Invoice cycle.
• Budgetary Controls.
• Approval prior to posting to the G/L.

24
Additional Information

• COSO The Committee of Sponsoring Organizations
  of the Treadway Commission (www.coso.org).

• COSO is a voluntary private sector organization
  dedicated to improving the quality of financial
  reporting through business ethics, effective
  internal controls, and organizational governance.

25
Internal Controls with Limited Staff

• William Hart, CPA
• Vice President
• whart_at_proteantech.com
• Protean Technologies
• Tomorrows Technology Today