In this day and age, it is mandatory that organizations have effective internal control policies and procedures. After taking Accounting 201 and being in the work force, I've learned about the Sarbanes-Oxley Act which was passed in 2002. This piece of federal legislation requires that management and auditors adhere to or perform specific tasks in order for organizations to maintain their internal control responsibilities. This legislation was a result of the Enron Corporation and Arthur Anderson accounting firm to close down and go out of business due to weak internal controls. These "scandals" were highly publicized.
The basics of internal controls are to protect the company's assets; ensure reliable accounting; promote efficient operations; and establish adherence to company policies. This is accomplished by an organization establishing principles of internal controls. Essentially, these principles appear to be practical to most individuals, however it is necessary to have policies and procedures in writing so that all employees are aware of these procedures, particularly those who handle cash, checks and credit card payments. When this law went into effect, the first piece of information requested by the independent auditors that year was to provide the documentation of the Internal Controls.
There are several principles for internal controls as stated in Financial Accounting Fundamentals, 2009 Edition by John J. Wild:
1) establish responsibilities and create specific policies and procedures;
2) maintain adequate records;
3) insure assets, bond key employees and separate recordkeeping from custody of assets;
4) divide responsibility for related transactions;
5) apply technological controls;
6) perform regular and independent reviews. A summary of each of the principles is provided below.
1) Establish responsibilities and create specific policies and procedures - It is important to establish clear responsibilities and duties to individual employees, in particular those that work in a finance departments. For example, the person that handles petty cash should not be the one writing the check to replenish the funds. Another example is the person placing an order for material, supplies; office equipment should not be the one approving the purchase order. Proper authorization for the above transactions is necessary. So there is clear separation of duties throughout the various areas in a finance department.
2) Maintain adequate records - It is necessary for organizations to maintain proper documentation. This is to provide evidence that financial statements are accurate. To insure the records are adequate, the use of prenumbered, consecutive documents is adequate.
3) Insure assets, bond key employees and separate recordkeeping from custody of assets - Assets are anything of value a company owns including cash. To insure physical assets, the individual responsible for asset recordkeeping should not be the individual that is responsible for the physical control of that asset. Having different individuals separate these functions creates a system of checks and balances, also known as segregation of duties. The bonding of key employees is accomplished by purchasing insurance on that employee and will cover the organization if a loss were to occur.
4) Divide responsibility for related translations - This is also known as segregation of duties. This item requires that different individuals are assigned responsibility for different parts of related transactions, in particular those involving authorization, custody or recordkeeping. For example the individual approving a purchase order should not be the individual cutting the physical check.
5) Apply technological controls - Technology is a valuable tool for internal controls. Many computer systems are designed for individuals to have specific privileges which are necessary to complete their own job tasks. For example, the employee enter a purchase order into the computer software will not have menu access to prepare a check to the vendor. Another part of technology controls would be mechanical controls, where an employee will need an ID card or will have specific privileges to enter a building or certain parts of a building.
6) Perform regular and independent reviews - This can be accomplished when a manager will evaluate an employee based on performance. It is carried out by the manager who did not do the work being checked. This will help insure the reliability of accounting information and the efficiency of the operations. For example, the supervisor verifies the accuracy of a retail clerk's cash drawer at the end of their shift. This may be reviewed by an internal auditor to be sure the manager is doing his/her job as well.
Finally, there are some limitations on internal controls. Effective internal controls can provide reasonable assurance that the objectives of the organization are met. Reasonable assurance implies that the costs of internal controls must not exceed their benefits.
The basics of internal controls are to protect the company's assets; ensure reliable accounting; promote efficient operations; and establish adherence to company policies. This is accomplished by an organization establishing principles of internal controls. Essentially, these principles appear to be practical to most individuals, however it is necessary to have policies and procedures in writing so that all employees are aware of these procedures, particularly those who handle cash, checks and credit card payments. When this law went into effect, the first piece of information requested by the independent auditors that year was to provide the documentation of the Internal Controls.
There are several principles for internal controls as stated in Financial Accounting Fundamentals, 2009 Edition by John J. Wild:
1) establish responsibilities and create specific policies and procedures;
2) maintain adequate records;
3) insure assets, bond key employees and separate recordkeeping from custody of assets;
4) divide responsibility for related transactions;
5) apply technological controls;
6) perform regular and independent reviews. A summary of each of the principles is provided below.
1) Establish responsibilities and create specific policies and procedures - It is important to establish clear responsibilities and duties to individual employees, in particular those that work in a finance departments. For example, the person that handles petty cash should not be the one writing the check to replenish the funds. Another example is the person placing an order for material, supplies; office equipment should not be the one approving the purchase order. Proper authorization for the above transactions is necessary. So there is clear separation of duties throughout the various areas in a finance department.
2) Maintain adequate records - It is necessary for organizations to maintain proper documentation. This is to provide evidence that financial statements are accurate. To insure the records are adequate, the use of prenumbered, consecutive documents is adequate.
3) Insure assets, bond key employees and separate recordkeeping from custody of assets - Assets are anything of value a company owns including cash. To insure physical assets, the individual responsible for asset recordkeeping should not be the individual that is responsible for the physical control of that asset. Having different individuals separate these functions creates a system of checks and balances, also known as segregation of duties. The bonding of key employees is accomplished by purchasing insurance on that employee and will cover the organization if a loss were to occur.
4) Divide responsibility for related translations - This is also known as segregation of duties. This item requires that different individuals are assigned responsibility for different parts of related transactions, in particular those involving authorization, custody or recordkeeping. For example the individual approving a purchase order should not be the individual cutting the physical check.
5) Apply technological controls - Technology is a valuable tool for internal controls. Many computer systems are designed for individuals to have specific privileges which are necessary to complete their own job tasks. For example, the employee enter a purchase order into the computer software will not have menu access to prepare a check to the vendor. Another part of technology controls would be mechanical controls, where an employee will need an ID card or will have specific privileges to enter a building or certain parts of a building.
6) Perform regular and independent reviews - This can be accomplished when a manager will evaluate an employee based on performance. It is carried out by the manager who did not do the work being checked. This will help insure the reliability of accounting information and the efficiency of the operations. For example, the supervisor verifies the accuracy of a retail clerk's cash drawer at the end of their shift. This may be reviewed by an internal auditor to be sure the manager is doing his/her job as well.
Finally, there are some limitations on internal controls. Effective internal controls can provide reasonable assurance that the objectives of the organization are met. Reasonable assurance implies that the costs of internal controls must not exceed their benefits.
No comments:
Post a Comment