Accounting internal controls: avoid an unfortunate lesson

The city of Philadelphia, Penn., took a pasting in an internal audit of city finances, resulting in a public mess that should serve as a lesson about the importance of internal financial controls for every government, business, or non-profit organization.

Internal accounting controls are what separate organizations from embarrassment, financial ruin, or legal consequences; they protect employees; investors; contributors; and everyone with a financial interest in the organization.

Philadelphia’s problems resulted in $924 million in bookkeeping errors and “material weaknesses” that led to an inability to account for $33 million, according to the Philly Voice in a June 12 article headlined, "Philly has worst accounting practices of 10 largest U.S. cities." The accounting disaster is attributed in part to not enough accountants and inadequate technology. In short, an internal controls failure. 

Effective internal controls deter or find mismanagement, fraud, theft and other abuses and correct problems discovered either during normal business or through audits. They are essential in ensuring compliance with laws and regulations governing organizational finances.

The American Institute of Certified Public Accountants (AICPA) describes internal controls’ priorities as:

  • Policies and procedures that provide for appropriate segregation of duties to reduce the likelihood that deliberate fraud can occur
  • Personnel qualified to perform their assigned responsibilities
  • Sound practices to be followed by personnel in performing their duties and functions
  • A system that ensures proper authorization and recordation procedures for financial transactions

Describing internal controls is easier than putting them into effect. 

The Financial Accounting Standards Board’s GAAP (Generally Accepted Accounting Principles) is the accounting practices guide for U.S. companies. If internal controls aren’t consistent with GAAP requirements, the controls range from inadequate to useless to dangerous. For example, segregation of duties, mentioned above, is a principal internal controls component. Points that must be considered under duties segregation are asset possession, authorization for action regarding the asset, and record keeping concerning the asset.

For example, an employee who receives payment from a customer should never be responsible for preparing bank statements or making bank deposits. Neither should the same employee keep the records of such transactions. A minimum of two people should have these responsibilities divided between them because to commit fraud or theft they’re forced to collude, making criminal behavior more complicated and risky.

When internal controls are doing their job they they’re not only able to prevent or find errors or wrongdoing, but to correct the problem as well. To make sure everyone in the chain is sharp, it’s a good idea for management to randomly and periodically test their organizations internal controls systems and reconciliations. For small businesses particularly, developing strong internal controls can be a challenge given a potentially limited number of employees or restrictions on resources. There isn’t a one-size-fits-all method, but best practices exist which owners can implement to mitigate damage and meet each organization's needs, goals, and operations. 

Establishing strong internal controls isn’t quick or easy: it’s complicated. Governments, businesses and non-profits should seek out trained, experienced, and proven accounting professionals to develop a system or consult with the organization’s internal accounting staff. 

Take a lesson from Philadelphia: it’s better to be right on the front end than be pasted on the other end.

 I'd like more information on this topic.

This article originally appeared in the Knoxville News Sentinel.


Tagged Fraud, Internal Controls, Jimmy Rodefer, #JimmyTalk