Let’s be honest, mapping out and setting up internal controls within your organization is not the most exciting, or easy task to tackle on your forever growing to do list.
If you are fortunate enough to have a sizable accounting department, it is easier to establish a chain of command, separate duties, and limit access among specific employees. However for smaller businesses that work with fewer staff, it can be very difficult to establish controls if only one or two people are managing all of the company’s finances.
Why You need Internal Controls
Internal controls can help reduce the risk of fraud, make it easier to train and manage staff, and help your company run efficiently by having solid processes and control activities in place.
Control activities are the policies and procedures that ensure management directives are carried out. They usually involve two elements:
- A policy that prescribes what should be done
- The procedure to implement the policy
If you are currently using QuickBooks® as your bookkeeping and financial processing system, and you do have the in-house means and the wherewithal to establish internal controls, then you should take full advantage of its many built in tools.
If you want to establish strong financial controls, implement these control activities and apply tools from within the QuickBooks system.
Revise Policies and Procedures
You shouldn't build a business on “tribal knowledge.” A well run company will handle transactions consistently both across employees and over time. You need your company’s policies and procedures in writing because, without documentation, it’s difficult to train new employees on how transactions should be initiated, approved and recorded.
Subpar employee training results in high error rates, incorrect financial statements, and a need for increased supervision. Procedure manuals are a great value-added service both for new hire training and future employee reference.
Keep track of who does what in your accounting system
The most critical concept in electronic data security is to restrict access to your company’s sensitive data through the effective use of usernames and passwords.
In order to keep track of who does what in your accounting system, be sure to:
- Assign each user a unique, private username and password known only to him or her.
- Set up separate accounts for “owner”, “office manager” and CPA.
- Don’t let employees log in and enter transctions as “administrator.”
Apply Quickbooks Tools to prevent Fraud
The most fundamental way to reduce the risk of fraud is to set up internal controls. One key best practice, however, is never build a system of internal controls based on trust. Don't let relationships with your staff affect best practice
implementation. This has nothing to do with trust, it's common sense. Here are a few common types of fraud and how you can implement controls in QuickBooks to prevent them.
Check tampering is an easy way to make fraudulent transactions, especially if only a handful of employees are in charge of the books. Typically, when an employee tampers with a check, he or she cuts a check that is payable to himself/herself, signs the check and cashes it, but then changes the payee field in the books. This process can be simplified even further if using electronic checks as the employee can easily change the payee field on the electronic check versus having to manually adjust the payee on a copy of a physical check.
QuickBooks Control: There are two very strong options to prevent check tampering in QuickBooks. The first is to utilize SmartVault™, an app that can be installed in QuickBooks, which allows you to scan and attach documents such as invoices, checks, or money orders to each QuickBooks transaction. This way you can accurately validate payment. The second option is to run an Audit Trail Report which works by scanning for a changed payee entry. You can filter the report by transaction type to see who made modifications to a payee and when.
Skimming can occur when an employee takes funds that were received as a payment from a customer and puts the money in their own pocket. The employee then masks the theft by creating a bad debit or credit memo and adjusts the customer’s account receivable balance. This is especially easy to do for retail establishments or businesses that accept cash payments.
QuickBooks Control: Some editions, such as QuickBooks Enterprise Solutions allow you to lock down QuickBooks at the screen level. This allows you to limit users by screen or by bank account. You can select what screens a specific user is allowed to view as well as what privileges they have, including viewing transactions or printing, editing, deleting, or modifying. This tool is especially handy when separating duties among employees by restricting employees who work on billing from those with the authority to delete invoices or create credit memos – which is an easy way for an employee who is running billing to hide a theft.
While internal controls do require some human interaction, including reviewing reports and manual reconciliation, these controls are an additional step of security you can take to help prevent business fraud from affecting your organization.
Making Changes to Prior Periods
Companies that offer products in addition to (or instead of) services often deal with employee theft of inventory. The easiest way for an employee to get away with stealing your inventory is to adjust the QuickBooks inventory to match the physical one.
While this can easily be caught on a financial statement, the fraudulent but savvy employee simply writes off the adjustment on a prior financial period. They do this knowing that the previous period most likely will not be reviewed because a tax return for the prior period was already completed.
QuickBooks Control: QuickBooks allows you to “close a prior period” which restricts users from changing past periods. Available under Preferences, you can create a separate “closing” password that only one or two individuals have knowledge of, such as the business owner and their CPA.
By enabling “close a prior period” in QuickBooks, it restricts users from editing a transaction from a past financial period unless they have the special closing password.
Payroll fraud is one of the costliest forms of business fraud, and even worse, it can take a very long time to realize it is happening.
On average, it took businesses 24 months to realize they were a victim of payroll fraud, according to the most recent ACFE Report to the Nations on Occupational Fraud and Abuse. That’s an average of two years in which an employee siphoned money away from a company!
The way an employee commits payroll fraud is by editing the withholdings amount to an amount that is higher than what was actually withheld. The company pays the difference via a payroll tax, and the employee is able to claim a higher tax refund. Simplified – if an employee is paid bi-weekly and he or she adds $500 to withholding taxes per period, it could amount to an additional $10,000 in that employee’s pocket.
The longer it takes for the fraud to be discovered, the more financial periods have passed, which means more potential money in the employee’s hands.
QuickBooks Control: Once again, user rights can be restricted in some versions of QuickBooks, including QuickBooks Enterprise Solutions, which allows only certain employees to edit payroll transactions. Conversely, utilizing an outsourced payroll provider eliminates this risk as the payroll provider has to confirm with upper management for any changes made to the payroll.
Implementing internal controls takes some time, but if you are using QuickBooks, you can simplify the process by taking advantage of its many tools and permission restrictions. Leveraging the built-in controls within QuickBooks provides you with additional protection against business fraud, without requiring you to build them from scratch.
Outsourcing your bookkeeping and reconciliation processes is a great way to implement strong controls within the business without growing your payroll. Learn When and Why You Should Outsource Your Accounting and Bookkeeping.