When a business grows from being very small to being quite large, the span of control changes. The way a small business owner controls their business differs from the way a CEO would control their business. In a large business, there would be division of functions and responsibilities. There would also be hierarchy with levels of authority and responsibility. The work would be carried out delegation and functional responsibilities.
Internal control refers to checks and balances embedded in the business systems (including the accounting system) aimed at controlling resources of the business; preventing fraud and misappropriation and safeguarding overall economic interests of the business.
An effective system of internal control would employ various tools, procedures and policies to implement the above objectives. An effective accounting system with inbuilt checks and balances would be one of the tools (albeit a major one) of achieving those objectives.
How can an accounting system be designed to achieve internal control?
1 – Physical checks: Cash/Petty Cash should be checked at regular intervals including random checking. Inventory should also be checked at regular intervals including random checking. Shortfall and variances should be investigated.
2 – Maintaining assets register: Items of fixed assets should be identified and recorded. Periodical tallying of the entries in the books should be checked with the physical identification and count.
3 – Authorisation levels: There should be layered authorisation levels for releasing bank payments. Payments above a certain limit should be authorised to be carried out by more than one person. Similarly, documents that bind the business into legally enforceable contractual relationship (for example, purchase order) should be signed by authorised personnel only. Here also, authorisation levels could be set based on the value of the order. A recent case of a rogue trader causing loss to the banking giant UBS by exceeding his authority is a classic case here. This would not have been possible if the bank had checks and balances in place. (for further reading: http://www.theguardian.com/uk/2012/nov/20/ubs-trader-kweku-adoboli-jailed-fraud)
4 – Controlled access: Staff should have controlled access to the data and information based on their area of work. In no case, staff should have access to the data and information beyond their sphere of work.
5 – Design of workflow and segregation of duties: Workflow in the accounts and finance department should be designed in such a way that one person’s work is automatically checked by another one. This can be made easy when the second person is dependent on the work carried out by the first one.
6 – Rotation of duties: There should be rotation of duties and responsibilities in such a way that no one person is assigned with a single sphere of work for too long a period.
7 – Encouraging staff to take their holidays and leave entitlements: This will enable a fresh approach to the work carried out by the person on leave.
8 – Reconciliations: Where ever possible, reconciliations should be carried out periodically with the external evidence. For example, bank reconciliation should be carried out with the bank statements. Suppliers’ statements should be reconciled with the payables accounts. Regular statements of accounts should be sent to credit customers. At the year end, statements can be sent to customers requesting them to confirm the transactions and forwarding the same to auditors. Goods lying with outside parties (for example components and parts sent outside for job work by a manufacturing organisation) should be reconciled at least once a year.
9 – Periodical MIS (management information system): MIS system should be set up which may include monthly financial data with costs and budgeting analysis. Variances (from the budgets and costing systems) should be investigated. In high value and sensitive cases, the reporting can be done very frequently – as frequently as every hour. In the example of UBS bank cited above (point 3), if the trader was required to declare his ‘position’ every hour, perhaps the bank would not have lost so much.
The above is not an exhaustive list but just an illustration of how proper designing of systems and procedures in the accounting function can help to achieve prevention of fraud and loss of resources by a business.
Bharat Shah (B.Com; A.C.A.; M.B.A.) has over 15 years of industrial experience at senior level and teaches at Learning Academy. He has taught ACCA / AAT subjects at FE and private colleges. The views expressed herein are the personal views of the author and not necessarily of the organisation.