Key Questions to Ask About Your Audit Controls
You passed your last financial audit with high marks. Your internal accounting controls more than satisfy the auditors’ requirements and you have nothing to worry about, right? Maybe!
With businesses “doing more with less”, the accounting staff is required to take on more responsibilities. This reduction in staff does not accommodate the traditional separation of duties recommended for audit controls.
When we talk with prospects and customers, we find:
- AP Clerks are entering and posting transactions, and printing checks. How do you know some of those checks are not going to friends and family?
- General ledger trial balances are downloaded to Excel to create financial statements instead of direct printing from the accounting system. What balances are changed for external reporting that do not match up to the general ledger?
- Bank reconciliations are completed offline. Are you sure that every bank transaction has been recorded in the accounting system?
When we recommend to our clients a greater separation of duties, the response is that they don’t have the staff and the auditors approved the internal controls. After all, SAS300 states that “There is always some control risk because of the inherent limitations of any accounting and internal control systems.”
So how do you protect against fraud and accounting irregularities without hiring more staff and incurring large consulting expenditures? Here are examples of some things you can do to protect your company or organization.
· Review user security in your accounting system. Are the users allowed to remove history? Do members of the accounting department know the system administrator password that gives them access to every function in the system? Change the system password and restrict their rights only to their specific duties.
· Use an auditing tool that tracks changes to records. Most quality Enterprise Resource Planning (ERP) systems sell an inexpensive module that will track “before” and “after” changes. When a vendor address changes, the information can be tracked and reviewed at any time. Track changes to vendor EFT bank account information.
· Insist that all accounting functions operate in the accounting system. Use the bank reconciliation tool to reconcile to the bank, use the financial statement generator to print financial statements directly from the general ledger, track fixed assets within the ERP system and not in Excel.
· Assign bank reconciliation duties to someone who is not handling cash or printing checks. In a small accounting department, one of the best ways to prevent against fraud is to review the bank statement.
· Assign posting (update of the accounting records) to a different staff person. Reviewing the results of a computer check run or cash receipts batch can be completed in a matter of minutes by a separate staff person. And correcting the general ledger accounts prior to posting saves time when completing the month end reconciliation.
These are just a few examples of ways to maintain the integrity of your financial systems. And as auditors become more accounting system savvy, you continue to meet and, hopefully, exceed expectations.
For more information on how you can implement further accounting controls, please call us at 207.761.2133 or email firstname.lastname@example.org.