Are Your Internal Controls Up to Par?
Internal controls are extremely important in reducing the risk of fraud. Fraud is more likely to exist when any of the three components of the fraud triangle are present. These components are: incentive, rationalization, and opportunity. Incentive exists when an employee involved in the financial reporting process has a pressure or motive to commit fraud, such as a personal financial problem. Rationalization occurs when the employee is convinced that their action is acceptable by telling themselves they will pay the money back or that they don’t get paid enough. The last piece, opportunity, comes through weak internal controls in the company that allow the fraud to actually happen without being detected. Internal control procedures help to break the fraud triangle by diminishing the “opportunity” point in this triangle. Without closing the loop by implementing strong internal controls, there will always be the possibility of an honest person potentially executing fraudulent behavior such as “borrowing” from the company.
In addition to prevention of fraud, strong internal controls are essential to effective management since management takes the overall responsibility for the design, implementation and monitoring of the internal controls over financial reporting and compliance. Those charged with governance should ensure that adequate controls exist over all aspects of your business. So, what goes into strong internal controls?
Control activities are policies and procedures that are designed to allay risk in financial reporting and compliance. The following are the different types of control activities:
- Segregation of duties – Appointing responsibility for different parts of a process to different people, so that no one person controls the entire process can help to prevent errors. Possible examples include segregating the functions of acquisition and sales, valuation, hedging, and accounting.
- Preventative and Detective controls – Preventative controls are intended to prevent occurrence of activities that are not consistent with control objectives. For example, separating approval and payment functions or limiting access to IT systems. Detective controls are designed to identify errors or unauthorized activities after they have already occurred so that corrections can be made in a timely manner. For example, reconciliations of cash, as well as, monitoring performance by comparing operating results to budgets.
- Entity-level and Process-level controls – Entity-level controls are designed to provide assurance that objectives related to the company as a whole are met, for example, audit committee oversight of financial reporting or CFO review of budget to actual expenses. Process-level controls (transaction or application level) pertain to a single activity, for example, matching delivery receipts to vendor invoices before payment is authorized.
It is important to not only have strong internal controls, but documentation of control procedures and evidence of how they are taking place in your business. Demand for solid internal controls and transparency by regulators has never been stronger. We have seen agencies such as Fannie Mae and Freddie Mac honing in on implementation and documentation of internal controls in financial reporting and compliance.
Consider the following – review and evaluate your current internal controls and documentation of those controls and assess whether they are up to par. At WithumSmith+Brown, we are experts in assessing existing internal controls and/or recommending and consulting on implementation of best practices. We would be pleased to discuss this with you how other current developments in accounting and financial reporting would affect your business.
NEED MORE INFORMATION?
If you have any questions, please contact your local WithumSmith+Brown advisor or a member of WS+B’s Mortgage Banking Services Team.
Kirk Holderbaum, CPA, Partner
Team Leader, Mortgage Banking Services Team
973.898.9494
[email protected]
Learn More About our Financial Services>>
The information contained herein is not necessarily all inclusive, does not constitute legal or any other advice, and should not be relied upon without first consulting with appropriate qualified professionals for your individual facts and circumstances.
How Can We Help?