Accounting is a core function in every business. Organizations need accountants to track revenue and expenses, evaluate financial performance, create budgets and financial projections, and maintain compliance. Skilled accountants provide up-to-date financial information to support decision-making.
Unfortunately, the word “accounting” is often followed by the word “scandal,” especially given examples such as Enron, WorldCom, Tyco, Hertz, Lehman Brothers, and Bernie Madoff.
Most of these scandals involved accounting fraud where one or more perpetrators:
- Created fraudulent financial documents;
- Inflated earnings;
- Hid bad debt or expenses;
- Manipulated payroll;
- Misreported tax liabilities;
- Filed false insurance claims or banking applications.
The perpetrators were able to commit fraud because the victim organization lacked strong internal accounting controls. Without robust internal controls in place, the wrongdoers can manipulate documents and data, misrepresent the company’s performance, and commit outright fraud.
According to the International Federation of Accountants (IFAC), the COVID-19 pandemic has heightened the risk of fraud and improper financial reporting because of the shift to remote working; when employees are separate from the main office, internal controls can be easier to bypass. And in desperate times such as a pandemic, people may be pressured to manipulate financial statements and disclosures.
No organization is immune to such scandals. That said, the risks for banks, private companies, and public corporations can be mitigated with robust accounting control activities.
What Are Accounting Controls?
Following several multibillion-dollar accounting scandals in the early 2000s, U.S. lawmakers enacted the Sarbanes-Oxley Act (SOX). SOX and its various sections are intended to protect investors by requiring organizations to maintain accurate and reliable corporate financial statements.
Section 404 of the law mandates that publicly traded companies establish several types of internal accounting controls. It also holds executives personally responsible for assuring the effectiveness of these controls.
Internal accounting controls are the various methods, mechanisms, and procedures that firms use to ensure the validity and accuracy of their financial statements. These internal controls are implemented, maintained, and monitored by the company’s senior management and the board.
Companies can have different internal accounting controls depending on their unique operations, but all internal controls can be grouped into three fundamental categories: detective, preventive and corrective.
Detective Internal Accounting Controls
Detective controls highlight problems or errors within the accounting process. They allow organizations to catch mistakes in financial disclosures and reporting, correct the problems, and avoid the legal, regulatory, or reputational harm of those errors. Common detective controls include:
- Inventory counts and checks;
- Internal and external audits;
- Surprise cash counts;
Preventive Internal Accounting Controls
As the name implies, preventive accounting controls seek to prevent accounting errors and irregularities from occurring in the first place. They help to improve clerical accuracy, prevent employee fraud, and prevent accounting issues that may affect the organization’s operations.
Common preventive controls include:
- Segregation of duties;
- Controlled access to the accounting and financial reporting system;
- Double-entry accounting;
- Limiting management involvement in financial statement preparation;
- Expense verification;
- Limiting physical access to cash, equipment, inventory, and other assets.
Thorough documentation and authorization rules (such as invoices) also qualify as preventive controls.
Corrective Internal Accounting Controls
Corrective internal controls kick in when detective controls find an issue in the accounting process. They are meant to correct errors and prevent them from causing further problems.
Common corrective controls include:
- Physical audits of assets and inventory;
- Adjustments or rectification entries in the accounting system;
- Ledger verification.
Why Are Internal Controls Important in Accounting?
As stated by Deloitte, “While relief may be available in reporting timelines, management remains accountable for providing investors, regulators, and other stakeholders with relevant and timely information about operational and financial performance. Consequently, internal controls are critical to instilling confidence in reliable financial reporting and disclosures.”
In other words, internal controls are necessary because otherwise nobody knows whether the numbers are right.
More formally, a robust internal control structure is critical because such controls help to:
- Provide reasonable assurance about the reliability and accuracy of financial information;
- Identify and rectify any discrepancies or errors in financial statements;
- Promote greater transparency and accountability in the reporting process;
- Prevent fraud;
- Facilitate internal and external audits.
Internal controls assure the reliability of financial reporting processes and help with the creation of reliable financial reports and disclosures. They help the company operate ethically and in full compliance with various laws and regulations.
A solid internal control system drives consistency, which consequently boosts operational efficiency and allows management to monitor the firm’s performance systematically and confirm that it achieves its goals and objectives.
5 Important Internal Accounting Controls
The five most common internal accounting controls are fundamental to drive consistency and integrity.
Segregation of Duties
Segregation (or separation) of duties assures that no single person in the accounting function has enough information or authority to introduce errors into financial transactions or perpetrate fraud.
Several duties can be segregated, such as:
- Authorization to record and approve financial transactions;
- Handling cash receipts and deposits;
- Performing reconciliations;
- Preparing financial statements;
- Writing and signing checks;
- Approving invoices;
- Reconciling various bank accounts.
If complete segregation isn’t possible, the organization should periodically rotate duties among various individuals in the accounting department. This practice drives checks and balances to assure that one individual isn’t able to operate autonomously for too long.
An accounts payable risk and control matrix also helps to assess and minimize any risks arising from faulty accounting data. In addition, online payment services can provide increased account control over the payment process.
Restricted Access to Financial Systems
It’s vital to restrict access to accounting systems to reduce the risk of employees or managers manipulating information and perpetrating fraud.
Another authorized person should also regularly review any transaction changes in the system to uncover any irregular activity that may either point to an inadvertent error or outright fraud.
Periodically Reconcile Accounts, Transactions, and Business Activities
Periodic reconciliations are an effective internal control since they can confirm that all account balances in the company’s accounting system match with the balances in independent accounts, including:
- Credit customers;
- Suppliers and vendors;
A trusted and authorized person should review all bank statements, check logs, and payment registers. That person should also review canceled checks (processed and cleared by the bank) to assure that all vendors, endorsements, reimbursements, and expenditures are recognized and legitimate.
All routine banking activities should be carefully reviewed, such as cash deposits, cleared checks, and wired funds. Any differences during reconciliations will highlight errors and fraud.
Use Double-Entry Accounting
A double-entry accounting system:
- Protects the organization against costly accounting errors;
- Helps to track assets, liabilities, and equity accurately;
- Creates a more complete, reliable, and accurate picture of funds.
It also assures that the company’s books are always balanced so that any discrepancies, whether accidental or deliberate, can be discovered early.
Document Standardization and Approval Authorizations
Standardizing accounting documents, such as inventory receipts, purchase orders, vendor invoices, travel expense forms, and so forth can bring greater consistency into the system of accounting records and reporting. It can also reveal any non-standard elements and errors in the documents, which may point to fraudulent actions.
Further, audits are more streamlined when document formats are standardized, since the auditor can easily review and compare past financial records.
Authorizations are another essential control that can point to errors or possible fraud. Authorized employees should approve specific transactions to increase accountability and traceability in the accounting process. Further, the board of directors should oversee some aspects of the accounting system, particularly:
- Actuals versus budgeted revenues and expenses;
- Check register;
- General ledger;
- Major expenditures;
- Financial and audit procedures and policies.
Other Internal Accounting Controls
Organizations can also implement other internal accounting controls, such as:
- Periodic review of payroll, hours, and “ghost employees;”
- Third-party audits;
- Policies for cash disbursements, expense and travel reimbursements, petty cash access, check voiding, purchasing guidelines, and the like;
- Mandatory vacations for accounting and bookkeeping staff members;
- Peer reviews and approvals of invoices;
- Regular financial data backups to the cloud.
Protect Your Accounting Systems with ZenGRC
Despite strong anti-fraud legislation, accounting fraud still happens. You can mitigate this risk with ZenGRC to get better visibility into your risk environment.
ZenGRC is a single source of truth that assures your organization is always compliant and audit-ready. Policies and procedures are revision-controlled and easy to find in the document repository. Workflow management features offer easy tracking, automated reminders, and audit trails. Insightful reporting and dashboards give visibility to gaps and high-risk areas.
ZenGRC offers a preloaded content library, benchmark reports, and built-in integrations to streamline your risk management program. Identify relevant risks, improve risk assessments, and get complete views of control environments.
Schedule a demo to see how ZenGRC can help your organization manage and improve internal controls.