How effective are your internal controls?
I recently completed a business review for a small utility in which I recommended purchasing new billing software, among other internal changes. As I finished presenting my report to the management team, the general manager slid a page across the table and asked “Will implementing your recommendations take care of this?”
What he showed me was the exceptions page from their most recent annual audit in which the auditors had cited the utility for inadequate separation of duties.
Separation of duties
Separation of duties is a form of internal control based on having more than one person involved in a process to prevent errors and fraud.
For example, in a utility business office, the following combinations of tasks should be divided among two or more employees:
- Issuing bills and accepting payments or adjusting accounts
- Accepting payments and adjusting or writing off accounts
- Accepting payments and preparing bank deposits
- Approving and entering adjustments to accounts
- Writing checks and reconciling bank statements
The reality in many small offices with limited staff is that it’s not possible to separate all of these responsibilities.
Such was the case with the utility described above. They have two customer service representatives who also function as cashiers and one billing clerk. The billing clerk fills in for the customer service reps during their lunch hours and this is what the auditors cited in their audit exception.
I explained to the general manager, as I suspect he already knew, that what he faces is a staffing issue, not something new software will remedy. Unless he is willing to hire another person or have only one person in customer service during the busy lunch hour, this will be a perennial issue.
In cases like this, a strong set of checks and balances is vitally important to protect the organization against dishonest or fraudulent acts.
Have a supervisor or manager review all transactions before they are updated. This is especially important for adjustments, which are the easiest way to try to cover up payments that are pocketed.
I recommend periodically reviewing your internal control policies and procedures with an eye out for how they can be improved. And don’t stop at just reviewing your written policies – take time to insure and validate they are being followed as intended.