With internal controls, ignorance dangerous

The English poet Thomas Gray wrote, “Where ignorance is bliss, ’tis folly to be wise.” Over the years, this quote has been abbreviated to the more simplistic “ignorance is bliss.”

Many times in our lives we believe that saying holds merit —the number of calories in that chocolate truffle you just ate or how much you owe on your income taxes, for instance. The one area this should never be true, however, is when you’re dealing with the internal controls of your business that represent security and peace of mind over your financial results and safeguarding of assets.

When you read a newspaper article that reports how a former employee stole significant amounts of money from a business, what’s the first thing that comes to mind? Many times if you look between the lines of the story, you’ll see the employee was able to steal the owner’s money because there was no segregation of duties. Segregation of duties is critical to effective internal control because it reduces the risk of mistakes and theft. Segregation of duties provides preventive and detective controls.

The four basic areas of duties are authorization, recording, custody of assets and monitoring. Authorization is the ability to authorize a purchase of equipment or payment on an invoice. Recording is the task of entering the transaction into the accounting records and performing periodic reconciliations. The custody of assets function is the person who physically can access cash or in most cases has access to the business’s check stock. Monitoring is the task of reviewing the records, reports and reconciliations associated with the business. No one person should have the ability to perform every duty within a transaction. If they can, there’s no segregation of duties. To put it another way, at least two sets of eyes are required for any transaction.

Usually in employee theft, the employee has access to two or more duties. In extreme cases, the employee may have access to all four duties. So what does this mean? Imagine if you took out cash from your bank account every day, placed it on the counter and went home for the night. When you returned in the morning would you be surprised if the cash was missing? Now imagine that you gave an employee access to all four duties of your accounting records. Would you be surprised if down the road that employee committed fraud and stole a significant amount of your money? This is where you want to be knowledgeable on the controls you have in place and any weaknesses that exist.

The great thing about entrepreneurs is they’re passionate about their products and services. They tend to be less passionate, though, about the accounting functions of their businesses. These business owners tend to hire a bookkeeper or accountant to come in and record the mundane transactions so they can focus on their operations. They place sole reliance on the employee for their expertise. Sometimes they give complete control of all duties to these employees with very little monitoring or oversight.

So what can a business owner do? The textbook answer would be to have one person responsible for each of the four duties. That’s not a reasonable or viable approach for a business owner to have an accounting staff that large, however. The cost of implementing a control should not outweigh the benefits.

Some practical suggestions a business owner could implement right away would be to first gain an understanding of the flow of transactions, such as cash receipts and disbursements. A simple understanding could give you insight as to any possible segregation of duties problems.

Next, ask that your bank statements come to you unopened and review the statements as soon as you open them. This will keep you in the know of activity on your accounts and create a monitoring function at the highest level.

The next thing to consider is to destroy any signature stamps. As a financial auditor and forensic accountant, I cringe every time I hear a client is using a signature stamp. Signature stamps require specific controls in and of themselves and the risk of abuse usually far outweighs any efficiencies gained.

Finally, consider investing in hiring an experienced certified public accountant to review your controls. CPAs have extensive training in internal controls and can offer advice to help mitigate any weaknesses.

While these suggestions are not inclusive, they hopefully will spark a discussion about further controls.

Proper segregation of duties, even in a small business, will help you implement preventive and detective internal controls that will help protect not only your business, but also your livelihood. Not knowing what controls you have in place is not a blissful occurrence — in fact, it can be downright dangerous.