Do you need a list of local government internal controls?
Here’s a list of fraud prevention controls that I recommend to local governments – many of which are pertinent to nonprofits and small businesses as well. While not a comprehensive list, I thought I would share it. You will find this same checklist in my Amazon fraud prevention book which provides much more Fraud Prevention ideas.
Fraud Prevention for Governments
General Internal Controls
- Have bank statements mailed directly to someone outside of accounting; recipient should peruse bank statement activity before providing it to accounting
- Perform surprise audits (use outside CPA if possible)
- Elected officials and management should review monthly budget to actual reports (and other pertinent financial reports)
- Map internal control processes by transaction cycle (preferably done by a seasoned CPA); once complete, provide map to all employees involved in the cycle; when control weaknesses exist, institute additional controls (see 11. below)
- Use a whistleblower program (preferably use an outside whistleblower company)
- Reconcile bank statements monthly (have a second person review and initial the reconciliation)
- Purchase fidelity bond coverage (based on risk exposure)
- Periodically request from the government’s bank a list of all bank accounts in the name of the government or with the government’s federal tax I.D. number; compare list to bank accounts set up in the general ledger
- Secure computer access physically (e.g., locked doors) and electronically (e.g., passwords)
- Do not allow the electronic transmission (e.g., email) of sensitive data (e.g., social security numbers) without the use of protected transmission technology (e.g. Sharefile); create policy and train staff
- Where possible, segregate who (1) authorizes transactions, (2) records transactions, (3) reconciles records, and (4) has custody of assets; when segregation of duties is not possible, require documented second-person review and/or surprise audits
Transaction Level Controls
Cash Receipts and Billing Controls
- Use a centralized receipting location (when possible)
- Assign each cash drawer to a separate person; require daily reconciliation to receipts; require second person review
- Deposit cash timely (preferably daily); require composition of cash and checks to be listed on each deposit ticket (to help prevent check-for-cash substitution)
- Immediately issue a receipt for each payment received; a duplicate of the receipt or electronic record of the receipt is to be retained by the government
- Supervisor should review receipting-personnel adjustments made to accounts receivable
- Do not allow the cashing of personal checks (e.g., from cash drawers)
Cash Payments and Purchasing Controls
- Guard all check stock (as though it were cash)
- Do not allow hand-drawn checks; only issue checks through the computerized system; if hand-drawn checks are issued, have a second person create and post the related journal entry
- Do not allow the signing of blank checks
- Limit check signing authorization to as few people as possible
- Require two employees to effectuate each wire transfer
- Persons who authorize wire transfers should not make related accounting entries
- Require a documented bidding process for larger purchases (and sealed bids for significant purchases or contracts); specify procedures for evaluating and awarding contracts.
- Limit the number of credit cards and the amount that can be charged on each card
- Allow only one person to use an individual credit card; require receipts for all purchases
- Require a street address and social security or tax I.D. numbers for each vendor added to accounts payable vendor list (P.O. box numbers without a street address should not be accepted)
- Signed vendor checks should not be returned to those who authorized the payment; mail checks directly to vendors
- Compare payroll addresses with vendor addresses for potential fictitious vendors (usually done with electronic audit tools such as IDEA or ACL)
- Provide a departmental overtime budget/expense report to governing body or relevant committee
- Use direct deposit for payroll checks
- Payroll rates keyed into the payroll system must be supported by proper authorization in the employee personnel file
- Immediately remove terminated employees from the payroll system
- Use biometric time clocks to eliminate buddy-punching
- Check for duplicate direct-deposit bank account numbers
- Overtime should be authorized in writing by department head or designee (before payment is made)
What additional controls do you recommend? Please share in a comment.Photo is courtesy of iStockphoto.com.
Learn from the CPA Scribo newsletter!
Get my free weekly accounting and auditing digest with the latest content.