INTERNAL CONTROLS

Posted on the NAVREF Web Site with the Permission of Edward J. McMillan, CPA, CAE www.edmcmillan.com or www.nonprofitgugu.com

An effective internal control system is an absolute must if your organization is serious about protecting itself against employee dishonesty. The adequacy of the internal control system in use by your organization can be gauged quickly by answering the following questions: YES 1 2 3 4 Are the bank statements forwarded directly to the Chief Executive Officer and are they reviewed before accounting receives the statements? Are two signatures required on every check? Are accounting personnel prohibited from being signers on bank accounts? Are checks received in the mail endorsed by whomever opens the mail before other employees come into contact with checks and is a log of checks received maintained? After the checks have been endorsed, do you prohibit employees other than accounting from coming into contact with original checks? Is the check amount on manual checks protected with a check protector machine? Does your CPA firm evaluate your system of internal controls annually and do you take their suggestions for improvement seriously? Are all employees who handle checks and cash bonded? Do you require employees to take vacation? Is the check supply under lock and key? Do you use a high quality check stock that would be difficult to scan? Does your endorsement stamp spell out the full legal name of your organization and does it also include your banks name and your account number? Are two people involved in computing payroll and remitting payroll taxes? Do you have written internal control policies? Do you periodically review the adequacy of your fidelity bond? Does your CPA firm do unannounced checks on bank statement reconciliations? Do you ever check the banks records as to authorized signers on signature cards? If you have cash transactions, are the policies tested? Do you have an effective computer back-up system? Are credit card and loan applications shredded? Do you have an effective audit committee? When key employees terminate, do you have an exit audit? Do you have an insurance committee? Are your controls on credit cards adequate? NO

5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Hopefully, the answers to all of these questions are yes. If not, give serious consideration to changing your procedures where the answers are no. Remember: Fact in almost every situation where fraud has been discovered, the guilty part is the person above suspicion. Fact it is becoming increasingly difficult to receive honest references from prior employers. How is fraud detected? During the course of a CPA audit As a result of an internal audit Whistle blowers Sheer accident 2% 18% 30% 50%

IF YOU FIND YOURSELF THE VICTIM!

1. Investigate first! Never accuse until you know the facts.

2. Call your attorney and CPA for advice immediately. 3. Contact the insurance company that handles your fidelity bond. 4. Be careful when confronting the person: a. If there is any possibility of a problem, be sure everyone is protected

b. Consider having your attorney and CPA with you, but always have a witness, particularly if the
situation is male female. c. It is usually better to confront the person after business hours when fewer employees are present to avoid an incident and embarrassment.

5. On the advice of counsel, the individual should either be terminated or put on administrative leave.

6. Change computer passwords immediately.

7. Make sure you get such items as keys, credit cards and so forth and consider changing the door locks. 8. Get advice from counsel on how to relate the circumstances to staff and so forth and how to handle references.

9. And when its all over, work with your CPA to thoroughly evaluate your system of internal controls and
correct whatever deficiencies led to the problem.