Many organizations have heard the term “segregation of duties” when talking about internal controls and ways to prevent fraud. Segregation of duties is the idea that no one person should have access to both physical assets and the related accounting records or to all phases of a transaction. The idea is simple, split up the duties so you have multiple people involved and one person is not solely responsible. However, what happens when an organization only has one or two employees? How do you implement good internal controls to ensure that fraud or errors do not occur? Below are our top five ideas that small organizations can implement to help improve internal controls when segregation of duties appear impossible.
- Have a board member receive or review bank statements monthly. This can be read only electronic access or hard copy statements, but the board member should be receiving original unopened copies. The unopened or electronic copies eliminates the ability to manipulate the statements and ensures the board member is examining a true representation of the bank activity. The board member should also review monthly bank reconciliations, which should be performed by an employee. When reviewing the statements and reconciliations, the board member should look for checks being issued out of order and view check images for unusual activity, including unapproved vendors and checks that are not properly signed.
- Check writing authority should be limited. Dual signatures should be required on all checks over a set amount. Someone other than the individual keeping the accounting records should sign the checks. This may have to be a board member in small organizations. The check signer should also review supporting documentation such as invoices, for all checks prior to signing. The invoices should be marked paid once the check is issued.
- Mail should be received by an administrative employee and not someone working in accounting. All checks received should be logged and stamped for deposit only by the administrative employee prior to going to accounting for recording. All deposits should be made daily and kept in a locked location prior to going to the bank.
- If credit cards are used there should be policies in place to ensure they are used responsibly. Policies should cover limitations on card users, amount, and transactions per month. The Organization should also have each employee using credit cards sign a statement agreeing to the policies of the Organization. In addition, receipts should be provided for all credit card purchases and an employee or board member, other than the individual that used the card, should review, and approve this activity.
- Finally, the board should review financial results monthly, including budget to actual results. The board should have someone with financial acumen that is willing to ask questions about the financial results and look for things that do not make sense. Find someone to join the board that is willing to ask questions and has the knowledge to know if something doesn’t add up.
These are just our top five ideas for small organizations; however, there are many other things that organizations can do to help prevent fraud or errors from occurring. If you would like help in this area, please contact one of our audit team members.