Accounting is a core function in every business. Organizations need accounting teams to track revenue and expenses, evaluate financial performance, create budgets and financial projections, and maintain compliance. Skilled accountants provide up-to-date financial information to support decision-making.
Unfortunately, the word “accounting” is often followed by the word “scandal,” especially given examples such as Enron, WorldCom, Tyco, Hertz, Lehman Brothers, and Bernie Madoff. Most of these scandals involved accounting fraud where the perpetrators did one (or more) of the following:
- Created fraudulent financial documents
- Inflated earnings
- Hid bad debt or expenses
- Manipulated payroll
- Misreported liabilities
- Filed false insurance claims or banking applications
The perpetrators were able to commit fraud because the victim organization lacked strong internal accounting controls. Without robust internal controls in place, the wrongdoers can manipulate documents and data, misrepresent the company’s performance, and commit outright fraud.
Why Are Internal Controls Important?
Internal controls assure that you remain within federal and state compliance with regulatory requirements for handling sensitive data. Strong internal controls also improve your internal audits over time, helping to maintain IT security protocols, information systems, and other processes. Other benefits of internal controls include:
- Achieving business goals
- Mitigating risks and improving performance
- Reducing payments to external audit companies
- Exercising greater control of your organization’s finances
What Are Accounting Controls?
Internal accounting controls are the various methods, mechanisms, and procedures that firms use to assure the validity and accuracy of their financial statements. These internal controls are implemented, maintained, and monitored by the company’s senior management and the board.
Companies can have different internal accounting controls depending on their unique operations, but all internal controls can be grouped into three fundamental categories: detective, preventive, and corrective.
Detective Internal Accounting Controls
Detective controls are meant to identify mistakes or anomalies that have already happened within the accounting process, so that corporate accounting teams can then fix those mistakes. Common detective controls include:
- Inventory counts and checks
- Internal and external audits
- Surprise cash counts
Preventive Internal Accounting Controls
As the name implies, preventive accounting controls seek to prevent accounting errors and irregularities from occurring in the first place. They help to improve clerical accuracy, prevent employee fraud, and prevent accounting issues that may affect the organization’s operations.
Common preventive controls include:
- Segregation of duties
- Controlled access to the accounting and financial reporting system
- Double-entry accounting
- Limiting management involvement in financial statement preparation
- Expense verification
- Limiting physical access to cash, equipment, inventory, and other assets
Thorough documentation and authorization rules (such as invoices) also qualify as preventive controls.
Corrective controls kick in when detective controls find an issue in the accounting process; they are meant to correct errors and prevent them from causing further problems.
Common corrective controls include:
- Physical audits of assets and inventory
- Adjustments or rectification entries in the accounting system
- Ledger verification
- Employee disciplinary action
- Policy or procedure updates
Why Are Internal Controls Important in Accounting?
Internal controls are necessary because without them, nobody can be sure whether the organization’s financial numbers are right.
More formally, a robust internal control structure is critical because such controls help to:
- Provide reasonable assurance about the reliability and accuracy of financial information
- Identify and rectify any discrepancies or errors in financial statements
- Promote greater transparency and accountability in the reporting process
- Prevent fraud
- Facilitate internal and external audits
Internal controls assure the reliability of financial reporting processes and help with the creation of reliable financial reports and disclosures. They help the company operate ethically and in full compliance with various laws and regulations.
A solid internal control system drives consistency, which in turn boosts operational efficiency and allows management to monitor the firm’s performance and confirm that the business is achieving its goals and objectives.
5 Important Internal Accounting Controls
The five most common internal accounting controls are fundamental to drive consistency and integrity.
Segregation of Duties
Segregation of duties (sometimes called “separation of duties”) assures that no single person in the accounting function has enough information or authority to introduce errors into financial transactions or perpetrate fraud.
Several duties can be segregated, such as:
- Authorization to record and approve financial transactions
- Handling cash receipts and deposits
- Performing reconciliations
- Preparing financial statements
- Writing and signing checks
- Approving invoices
- Reconciling various bank accounts
If complete segregation isn’t possible, the organization should periodically rotate duties among various individuals in the accounting department. This practice drives checks and balances to assure that one individual isn’t able to operate autonomously for too long.
An accounts payable risk and control matrix also helps to assess and minimize any risks arising from faulty accounting data. In addition, online payment services can provide increased account control over the payment process.
Restricted Access to Financial Systems
It’s vital to restrict access to accounting systems to reduce the risk of employees or managers manipulating information and perpetrating fraud.
Authorized persons should also regularly review any transaction changes in the system, to uncover any irregular activity that may either point to an inadvertent error or outright fraud committed by others.
Periodically Reconcile Accounts, Transactions, and Business Activities
Periodic reconciliations can confirm that all account balances in the company’s accounting system match with the balances in independent accounts, including:
- Credit customers
- Suppliers and vendors
A trusted and authorized person should review all bank statements, check logs, and payment registers. That person should also review canceled checks (processed and cleared by the bank) to assure that all vendor payments, reimbursements, and expenditures are recognized and legitimate.
All routine banking activities should be carefully reviewed, such as cash deposits, cleared checks, and wired funds. Any differences during reconciliations will highlight errors and fraud.
Use Double-Entry Accounting
A double-entry accounting system is the foundation of modern accounting. It accomplishes important tasks, such as:
- Protects the organization against costly accounting errors
- Helps to track assets, liabilities, and equity accurately
- Creates a more complete, reliable, and accurate picture of funds
Double-entry also assures that the company’s books are always balanced so that any discrepancies, whether accidental or deliberate, can be discovered early.
Document Standardization and Approval Authorizations
Standardizing accounting documents, such as inventory receipts, purchase orders, vendor invoices, travel expense forms, and so forth, can bring greater consistency into the system of accounting records and reporting. It can also reveal any non-standard elements and errors in the documents, which may point to fraudulent actions.
Moreover, audits are more streamlined when document formats are standardized since the auditor can easily review and compare past financial records.
Authorizations are another essential control that can point to errors or possible fraud. Authorized employees should approve specific transactions to increase accountability and traceability in the accounting process. Further, the board of directors should oversee some aspects of the accounting system, particularly:
- Actual-versus-budgeted revenues and expenses
- Check register
- General ledger
- Major expenditures
- Financial and audit procedures and policies
Other Internal Accounting Controls
Organizations can also implement other internal accounting controls, such as:
- Periodic review of payroll, hours to smoke out “ghost employees”
- Third-party audits
- Policies for cash disbursements, expense and travel reimbursements, petty cash access, check voiding, purchasing guidelines, and the like
- Mandatory vacations for accounting and bookkeeping staff members
- Peer reviews and approvals of invoices
- Regular financial data backups to the cloud
Limitations of Internal Controls
Even the best efforts to protect your organization’s data come with limitations. Some limitations of internal controls come with preventable risks and some should simply be planned for. These limitations include:
- Human error. People are still necessary to run accounting systems, and people make mistakes. Strong training and oversight protocols can help reduce the risk of human error impacting your business.
- Breakdowns. Systems will sometimes fail. A well-designed training protocol for employees to handle breakdowns will reduce downtime and help your organization resume daily operations quickly and succinctly.
- Too many controls. Having too many internal controls in place can cause conflict, increasing the likelihood of miscommunications or other system breakdowns. Too many controls can occur because departments are siloed and did not collaborate on system management, or there was a misjudgement from a stakeholder on what controls would be needed.
Protect Your Accounting Systems with ZenGRC
Despite strong anti-fraud legislation, accounting fraud still happens. You can mitigate this risk with the ZenGRC to get better visibility into your risk environment.
ZenGRC is a single source of truth that assures your organization is always compliant and audit-ready. Policies and procedures are revision-controlled and easy to find in the document repository. Workflow management features offer easy tracking, automated reminders, and audit trails. Insightful reporting and dashboards give visibility to gaps and high-risk areas.
ZenGRC offers a preloaded content library, benchmark reports, and built-in integrations to streamline your risk management program. Identify relevant risks, improve risk assessments, and get complete views of control environments.
Schedule a demo to see how RiskOptics can help your organization manage and improve internal controls.