Accountants and auditors talk a lot about internal controls. We’re BIG fans of internal controls! We want YOU to keep YOUR accounting information and hard-earned assets safe. Internal controls over your accounting are necessary to prevent fraud, deter theft, improve financial reporting accuracy and efficiency, and keep your organization out of the headlines. J. Edgar Hoover – “At a given moment, there is a certain percentage of the population that’s up to no good.” Hey, I don’t like it either, but he was right. Statistics about fraud in the workplace support that.
Most talk about internal controls is about policies and procedures. Who gets to do this and who gets to sign that. And that does seem pretty boring… honestly. I’ve noticed some common internal controls weaknesses over the years. Here are my top three practical solutions to common internal controls weaknesses.
1. Accountant’s work space – Private or public?
When you have an office that has open work space, or cubicle, or just plain crowded, accountants can’t maintain internal controls over private financial information. Let’s say you’re in the middle of making bank deposits and you’re called to a meeting. How do you secure those deposits? Or you’re running payroll and all the payroll information is up on your screen, for people to see as they walk by. Tempting! Accounting should be done in private offices that lock and have desks located that others cannot access their computers.
2. Hello my name is “Admin”.
Oh sure, my Username is admin. And my password is password. For my computer. For my accounting software. Help yourself! Most of us have a long list of usernames and passwords. We can’t even use our smart phone without a password. But I often find clients that access their QuickBooks with Username “admin”. And sometimes more than one person logs in as “admin”. Auditors and IT staff alike are begging you to use a proper secure username and password that you don’t share with others. See here for the list of TOP and passwords. If you see yours on this list, don’t use it!
3. The Payroll Library.
What really? All that payroll information is up on a bookshelf for anyone to read? How lovely! I’ve seen this a LOT. Beautifully labeled payroll binders on a bookcase. I too love a pretty binder, but we can‘t leave that information out for any employee, volunteer, or visitor to access. As an employer, you could be liable for not safe-keeping employee information. Or someone could access the payroll information to commit various types of payroll fraud. Think about the information you’ll find in payroll; employee names, addresses, social security number, pay rates, garnishments, and bank account info for direct deposit. Perfect for Identity Theft! Let’s lock this stuff up, okay? Locking file drawers or cabinet should do the trick. Hopefully, you think I’m making this up. But truth is stranger than fiction. Look at your accounting system to see what practical steps can be taken to improve your internal controls. You might have to think like someone who is “up to no good.”
Carol Stachwick offers accounting, consulting, and productivity services to private and nonprofit organizations. You can learn more about how she can help get your books in order and make your life easier.