Stop Testing Controls?
The thought may not be as far-fetched as you think. Having a system in place to check your internal controls is an excellent tool; however, it is equally, if not more important, to test circumvention of your controls. You have taken the time to assure internal controls are in place, documented and tested. You know they are designed and operating effectively, right?
Now it is time to take the next step by taking a “what can go wrong” approach.
- If you have a set threshold which requires approval, have you tested transactions slightly below the approval threshold to be sure several transactions do not add to more than the threshold? A $10,000 threshold is only effective if three $9,500 (a 5% variance) transactions to the same vendor or for the same project have been tested to assure internal controls were followed.
- Do you have a system in place to verify transactions are not altered after the fact? Do you check journal entries or other methods of “correction” on a regular basis? Have any transactions been “corrected” in an effort to circumvent internal controls.
- Use your software to assist in the process: Run a report for all activities 5% under a threshold. Sort reports by vendor or amount to look for duplication. Run activity by account number to search for coding changes. Look for transactions after hours or on week-ends and holidays.
By focusing on how controls can be avoided, you can strengthen the monitoring process of your internal controls.
To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. federal tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or tax related matter.