When your employees' remote working increased, did your internal controls decrease?
It is understandable that when there was a rush to move staff to remote working, the focus wasn’t on maintaining internal controls. It was expected to be a short-term solution to the raging pandemic.
Now remote working is more mainstream than most expected. Your staff is happy working remotely, and it looks like a new normal has been established. But have you spent the time to dust off your internal control procedures and see what needs to be modified? Now's the time.
(Download Video Transcript)
Internal Control Weaknesses: Just the Facts
Here are some facts from the Association of Certified Fraud Examiners Report to the Nations – 2020 Global Study on Occupational Fraud and Abuse:
Segregation of Duties Matters
Start by looking at your segregation of duties. If you have one person doing all your financial transactions from beginning to end, you don’t have enough internal controls. Three areas define responsibilities as it relates to financial reporting:
- Authorization or approval process
- Recording the transactions
- Reconciling the activity
Cloud financial reporting applications and remote working have increased the opportunities to enhance your controls and approval processes.
Here are Five Ways to Implement Adequate Controls and Segregation of Duties:
- Establish electronic payments where possible. Processing electronically reduces the cost of postage and reduces paper documents that need to be securely handled. ACH (Automated Clearing House) processing provides an easy tracking trail to follow and verify.
- Move to electronic approvals. When everyone was in the office, it was common to route documents for acceptance. By establishing electronic permissions, there are fewer delays, making processes faster and easier to track.
- Use electronic signatures. E-signatures have become mainstream and provide short turnaround times and enhanced security. There are no longer paper documents to safeguard, and everything can be stored electronically, reducing the risk of tampering.
- Protect your data and access control. Data can be compromised by cybercriminals or human error. Use encryption and authentication combined with restricted access to safeguard your data. Review your authorized employees to ensure they require access to specific data. Establish authentication processes and create audit logs that can be reviewed in case of suspicious transactions.
- Establish control processes for accounts payables. Here are a few easy ways to implement controls for payments:
- Establish an amount for invoices that a manager must approve (over $50, for example)
- Lock up blank checks – don’t leave them sitting out in open view
- Create 3-point-match requirements to match invoices, purchase orders, and the receiving documents
- Require dual verification when new customers are set up
Is Outsourced Accounting the Answer?
If you have a small office staff, you are probably thinking, how am I going to establish controls when I only have one or two employees in my back office?
Outsourcing some or all of your accounting functions will bring a specific set of internal controls. The accounting service provider will have the processes to ensure you and your employees are protected.
Even if you think fraud will never be an issue with your employees, you are responsible for protecting them. That starts by ensuring they have checks and balances along the way.
(Download Video Transcript)
Whether the decision is now or in the future, consider how outsourcing might be a missed opportunity for your company.
© 2022 SVA Certified Public Accountants