Vic Towler FCCA
In my years of auditing countless owner managed businesses, there is one word that always springs to mind when thinking about internal controls: trust.
If we all had the ability to see the future and be able to predict our trusted employees' circumstances changing or know that they would never become greedy, internal controls would not be as relevant. However, we can never be 100% sure and that's why we should protect the businesses that we have worked so hard to build up.
There are so many areas of a business where internal controls can be implemented and most of these can be very simplistic. Once these controls are learnt and adhered to by all staff, they become commonplace and nobody gives them a second thought. This creates good practises and a clear structure from the top.
I regularly come across payroll systems where the person processing the payroll is themselves on that payroll and no further checks are carried out prior to wages being paid, which is quite scary.
As part of our audit work on internal controls, we would check for fictitious employees on the payroll, ensure employees who have left have been removed from the payroll, ensure staff are on the correct rates of pay, ensure payroll is authorised by a director or similar and ensure that staff are not clocking in for their mates. Believe me, it happens!
These are just some of the tests that can be performed in one area.
Fraud can of course occur from sources outside of your organisation, such as “suppliers” telephoning to change their bank details and on making the next payment to that supplier, it is picked up that a payment has been made to a fraudster instead.
There are so many ways in which fraud can occur within a business and strong internal controls can make fraudsters less likely to be successful.
Other areas that we regularly look at are: sales, purchases, fixed assets and journal posting, although this list is not exhaustive. We tailor our internal controls testing to the entity being audited and the circumstances each client has.
We can offer a service that includes reviewing current systems and controls, testing if these work, then making recommendations, which does not necessitate a full audit. If you feel that you need a systems and internal controls overhaul, please get in touch.