Every organization has three or more critical business cycles in which money or other assets change hands (in whatever form of value it takes). Typical business cycles are as follows:
- Revenue Cycle - Sales/accounts receivable/cash receipts
- Purchasing Cycle - Purchases/accounts payable/cash disbursements
- Payroll Cycle – Hire to pay
- Inventory Cycle – Purchase to shipping
- Capital Expenditure Cycle – Investments in capital assets
Every business cycle requires segregation of duties between those that initiate, approve, record and report the transactions. Internal controls must be in place to increase the chances of preventing and/or detecting fraud, errors or other irregularities in the transaction process.
Internal Control Isn't Just For the Accounting Department
Internal controls span many aspects of an entity's operations and involve many individuals outside the accounting department, for example:
- The entity's hiring, training and promotion policies are an important element of the control environment, helping to ensure that qualified personnel perform key procedures. Operations personnel may observe non-financial inaccuracies in the information they use to run the business. The reporting of these inaccuracies is critical if management is to effectively monitor the performance of internal controls.
- Sales personnel may negotiate special terms with certain customers, and these terms must be communicated to others within the organization so that the sale can be authorized and properly accounted for.
Components of a Good Internal Control System
Any organization that seeks to produce reliable financial reports, maximize profits and minimize risk from either errors or irregularities requires a reliable system of internal controls. The following are critical components of an internal control system:
First, identify your organization’s major transaction cycles and then ask “what can go wrong”?
Good internal control begins with management's assessment of the risk facing the entity. With regard to preparing reliable financial reporting, management should have a working knowledge of risks in the capture, processing and reporting of all financial information.
Implement controls to manage risk
Internal control activities are designed to address the specific risks that management has identified. For example, if the business owner is concerned about fraudulent cash disbursements, then control procedures should be designed and implemented to specifically address this risk.
Monitor internal control performance
Management should supervise the performance of the control activities it puts in place and take both timely and appropriate corrective action if control weaknesses are identified.
Information must be effectively shared throughout the organization. Policies, procedures, feedback and a clear understanding of each person's responsibilities must be clearly communicated.
Jerry Murray, CPA – Assurance Practice Principal for Goldin Peiser & Peiser, L.L.P.
If you have any questions, need additional information or require assistance in establishing and documenting your system of internal control, please do not hesitate to contact us.
Note: This content is accurate as of the date published above and is subject to change. Please seek professional advice before acting on any matter contained in this article.