What is Management’s Attitude About Internal Control and Why Does It Matter?

 

By Bob Swetz
Controller Consultant | Tier One Services, LLC
As external auditors, accountants, and bookkeepers who are concerned about our clients, we need to be aware of management’s attitude towards internal controls.
So, what does that even mean, “Management’s Attitude?”
Let’s look at an analogy that many of us can relate to. Suppose a friend suggests that you should be more physically fit. He provides you with a detailed and customized workout routine that you are to perform 5 days a week. It’s a great plan and if followed will help you reach the goal of being fit.
Notice how I said, “the goal” and not “your goal.” You see, the problem is you aren’t too concerned about being physically fit, it’s just not something you care about right now and certainly not a priority for you. Given this set of circumstances, the chances of you doing the workout at all, let alone 5 days a week are slim, therefore the probability of you attaining the goal of physical fitness is also minute.
Why does management’s attitude about internal control matter?
Management’s attitude about internal control matters for a few reasons:
1.      Management’s attitude will most likely trickle down to the staff
2.      If management doesn’t care, the staff probably won’t care either
3.      Even if the staff does care, a poor attitude at the management level will tend to override the good controls that are in place (more on this is a future article)
4.      The best plan will fail if it is not properly implemented and monitored
Management having a poor attitude about internal controls doesn’t necessarily mean that management does not have integrity. It could be that they have too much on their plate to focus on internal control. As trusted business advisors, we may be able to fill a gap that management didn’t even know existed. It’s something to think about as we perform our day to day duties for our clients.
If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

An Introduction to Assessing Control Risk

By Bob Swetz
Controller Consultant | Tier One Services, LLC
All organizations, no matter the size, should have adequate internal controls. Internal controls are things like having multiple staff count cash so that no one person has sole access at any given time.
One thing that may be overlooked is establishing a process of assessing control risks on a regular basis.
What is Control Risk?
To put is simply, control risk is the risk that the internal controls in place will not meet the organization’s objectives. According to the AICPA AU-C Sec940.05, A Control Objective is “the aim or purpose of specified controls. Control objectives address the risks that the controls are intended to mitigate.” In the example above the control objective over counting cash may be to deter the risk of employee theft.
Risks can arise out of a given set of circumstances, or they can be inherent in the nature of the transaction or function.
How and When to Assess Internal Control Risk
How and when to assess internal control risk depends on the nature of the risk or a situation that may arise and cause an increase in risk that did not previously exist.
Let’s look at cash counting again. Because if it’s nature, cash is inherently risky. Assuming the organization’s cash inflows are consistent this risk could be assessed on an annual basis. The risk assessment would involve addressing the possible ways cash could be stolen and determining if the controls in place sufficiently address that risk.
Other types of risks may arise based on circumstance. For example, one of the church’s weekly cash counters just filed for bankruptcy. That situation would give rise to the need for risk assessment at that time, not merely at the end of the year. In this case, the church’s management should consider whether the situation creates additional risk in the cash counting function. A simple way to do this is to list all the possible ways cash could be stolen and whether the controls currently in place (given the situational change) still reduce the risk of employee theft to a reasonably low level.
These are just a few simple examples but should be enough to get you started in developing a plan for risk assessment that makes sense for your organization.
If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Should Your Organization Have an Accounting Policies & Procedures Manual?

 

By Bob Swetz
Controller Consultant | Tier One Services, LLC
Yes, and thank you for reading.
Well, I suppose you know where I stand on this, but let me expand a bit. This topic can be broken into 2 groups, both with the same outcome but perhaps for different reasons.
You have a small organization with a 1-person accounting department
This group might be leaning towards a NO answer, but that couldn’t be farther from the truth. A small organization with a 1-person accounting department should have a manual that documents their policies and procedures for continuity if nothing else. When all of the processing steps are in this one person’s head, what happens if they leave suddenly, get sick or are off for an extended period of time? I’ll tell you what happens if there is no documentation, mass chaos. On the other hand, if the policies and procedures are in a written document, the owner, manager or director can pick up right where the other person left off. There may be a bit of a learning curve, but at least there is a good starting point.
You have a large organization with a multi-person accounting department
This group is probably leaning towards a YES answer, but why? The general perception is that a larger organization is a bit more rigid in terms of their policies and procedures and would most likely have them in a written document. This document is critical for such an organization for several reasons. To name a few…
1.      There is a tendency to move staff from one position to another
2.      There can sometimes be high turnover
3.      With many hands in the cookie jar it is important to know who is doing what
The accounting policies & procedures document will help ensure a smooth transition from one position to another, a smooth intake for new employees and protection for staff when errors or irregularities occur.
Once you get on board with the need for such a document you will also realize the importance of keeping the manual updated on a regular basis, at least once or twice a year.
If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

What Level of Internal Controls Does Your Organization Need If You Don’t Have an Audit?

By Bob Swetz
Controller Consultant | Tier One Services, LLC

I get the feeling that most organizations think that maintaining proper internal controls and accounting procedures only serve to please the auditors. That attitude couldn’t be further from the truth.
Proper internal controls and accounting procedures are necessary in any organization to protect the organization, its assets, its leaders and employees.

According to the PCAOB AU Section 319…
Internal control is a process—effected by an entity’s board of directors, management, and other personnel—designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) reliability of financial reporting, (b) effectiveness and efficiency of operations, and (c) compliance with applicable laws and regulations.

Note that nothing in that definition states that controls are for the benefit of the auditor.

A Quick Example…

Proper internal controls over the cash disbursements function are intended to prevent fraudulent payments. If the controls and procedures are followed properly they will protect the organization from theft and the employee from being accused of theft. It works both ways.

A Final Thought…

Adequate internal controls are important for every organization, not just the ones that have someone looking over their shoulder.

If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Should Your Organization Be Using Purchase Orders?

By Bob Swetz
Controller Consultant | Tier One Services, LLC

From my experience as an auditor, I have found that purchase orders and their purpose are misunderstood by many organizations.

There are 2 common reasons organizations might want to use purchase orders

1. To obtain proper authorization for purchases

2. To control and track inventory in the organization’s accounting system

If your organization is using purchase orders for the first reason, for authorization, then I recommend a careful review of the purchasing process to ensure that their use is meeting your organization’s objectives. In short, purchase orders should be prepared by the requesting employee and reviewed and signed by at least 1 member of upper management, generally a department supervisor, before the purchase is made. Once a properly authorized purchase order is obtained it can be delivered to the vendor to initiate the actual purchase.

If purchase orders intended to meet the authorization objective are processed after-the-fact, then the objective has not been met.

If your organization is using purchase orders for the second reason, to control and track inventory only, then perhaps the authorization steps are not necessary. If that is the case you should keep a couple things in mind. First, there must be other authorization procedures in place in relation to the purchasing and cash disbursements function. Second, purchase orders should still be completed prior to making the actual purchase. When goods are physically received the items should be marked received in your accounting system and matched with the invoice.

If purchase orders intended to meet the inventory control objective are processed after-the-fact, then the objective has not been met.

The bottom line is that purchase orders can be an effective part of your organization’s purchasing and cash disbursements function when used properly and when prepared in advance of the actual purchase. Make sure to determine your objectives first and the rest should follow suit.

If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

How can we make life easier for our accounting team while asking more of them?

It’s about automating and streamlining – and takes people, processes, and technology.

Let’s take a look!

Technology

  • Set up bank feeds
  • Record processes using a tool like Screencast-O-Matic and post the screencasts to a place that the team can access. This helps to get the most value from your top-level finance people instead of having them spend their time on more repetitive financial tasks
  • Record task checklists in a workflow tool like Asana, Monday, or Wrike. Start with recurring tasks and include decision-making trees.
  • Implement tools to automate tasks which don’t require human judgment, and to batch/streamline tasks which do. For example: memorized transactions, recurring transactions, transaction templates, Batch Enter, Find & Recode.
  • Don’t use spreadsheets or other separate stand-alone files if the main technology that you have can do the trick. Learn more about what it’s capable of. Unnecessary separate systems will cause wasted time. If a separate spreadsheet is necessary, design it to be an easily-updatable template.

PROCESSES:

  • Encourage electronic transactions and not use paper checks
  • Have vendors e-mail their invoices to a Bill.com address or Hubdoc address. Hubdoc will employ OCR and handle some of the data entry for you
  • Use a simple, standardized Chart of Accounts. Make sure it’s meaningful to the organization but don’t let it explode with details which don’t contribute to a decision-making process.

PEOPLE:

  • Control the quality of the information stream, so make sure that only well-trained, process-oriented people are sending information to the Accounting team.
  • Authorize new apps and processes such as the ones listed above. If the invoicing process can be streamlined by using TSheets for example, authorize a training and work with service providers to get the team trained on it.
  • Make sure everyone is on board for streamlining and if someone is resistant, decide whether you are going to provide coaching or engage in a different course of action. Someone resistant to process will kill a company.

How Does Receiving Grants Affect Internal Control?

By Bob Swetz

Controller Consultant | Tier One Services, LLC

Using proper internal accounting controls is important for any type of organization. However nonprofit and governmental entities that receive grant funding typically have at least one additional layer of controls to consider. These controls can be mandated at the Grantor, State or Federal level.

Grantor Level Requirements

If your organization does not fall under federal or state guidelines you may still be required to have specific procedures and controls in place that are stipulated by the grantor. It is extremely important to carefully review the grant documents to make sure your procedures are in compliance with the grant.

State Level Requirements

Some grants are funded with state money but do not fall under federal guidelines. In this case, it is important to understand the overall guidelines of the funding state department to ensure that your controls and procedures meet any specific requirements. As discussed above, you should also carefully review your grant documents to ensure compliance.

Federal Level Requirements

Organizations receiving more than $500,000 in federal funds are held to a completely different standard. If your organization falls into this category, you are not only required to have the proper internal accounting controls in place for audit purposes, but you must have controls in place to ensure compliance with federal laws and regulations related to the grant. Auditors will use the OMB Compliance Supplement for the appropriate CFDA# related to your federal grant, so it is important to be current with applicable laws and regulations.

At the end of the day, your organization needs to have good accounting controls in place that work for you. Just don’t forget that when you receive grants, others are watching.

If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Establishing Processes in a Service Organization

When you are providing services but certain things in the relationship aren’t working, what may be lacking is alignment.

Consider whether there is misalignment between:
* the client’s perception of the potential value of the work and what potential value you could be delivering
* that value of the work you are delivering and the value of the work that you’d like to deliver
* the client’s expectations and your expectations
* the way that the clients are operating and the way that your ideal client operates
* the way that your services are functioning and the way that they need to function in order to be available at the current cost

And what about communication? When those you serve don’t communicate as frequently as you would like, it’s because they don’t get value from communicating more frequently.

Possible paths forward:

  • Realign your expectations to match the clients’ current perceived needs. Arrange for monthly or quarterly live meetings to create deliverables on the spot. Use tech tools to turn the calls into working sessions, not just reviews or status updates.
  • Realign the clients’ expectations of what’s possible with more frequent communications. Show them what’s possible with more frequent communications and put them in a position to reach their goals by using your services.
  • Please note the potential huge opportunity for operational / process coaching here if you serve business clients. If they only want basic services, it may be an indicator that they wouldn’t pay for a premium service because they can’t get an ROI from it. This may indicate that their team doesn’t have their processes together, because assuming that there’s demand for what they do and assuming that they’re good at doing it, process excellence is pretty much the only thing keeping an organization from scaling. Process excellence arises from people (including company culture), processes, and technology. If you/your team have skills in this, you can help turn either of these companies from a day-to-day grind into a scaling joy. If that’s what the owner wants, that is.

Sometimes the most exciting path forward is mindset coaching. Dig into how the owner perceives business, leadership, processes, relationships, time, and money. What stories are running the owner’s decision-making process? What visions guide his or her life? What are the owner’s core values? Which of those stories are out of alignment with that vision and those values and are really old stories?

If you can cause a transformation in that, it will cause a transformation in all aspects of the leader’s life and business and you & your team will ultimately have a proactive client instead of a fire-drill client.

The processes that you want to focus on are not creating uniform processes for each client. Instead, create uniform processes for how you train and equip your team. Create engagement workflow templates and you be the one to customize them when you bring in a new client. Create a knowledge base for internal purposes. Create forums for your team members to communicate with each other – not about engagements, that’s in your workflow management tool – but about higher-level things, broader-impact things, like software and excellence and gratitude.

I know firsthand that client engagements that aren’t working bear the highest cost of all – not having the time to cultivate new business + having to handle too much yourself because of the craziness.

Nourish your team and get those engagements aligned.

Does Your Organization Need a Disaster Recovery Plan?

By Bob Swetz

Controller Consultant | Tier One Services, LLC

Many of us seem to think that a total disaster is something that happens to others, but not us.

Unfortunately, disasters can happen to any organization at any time, and we need to be prepared.

Disasters can also come in more forms than you might think. Many might think of a fire, flood or some sort of natural disaster, but they can be more subtle and unassuming. I have witnessed several “data loss” disasters over the last six months that could have been prevented with the proper planning.

Here are a few things to consider:

1. Do you back up your data on a regular daily basis?

2. Have you considered the types of data that need to be backed up?

3. Do you store your backups off-site?

4. Do you test your backup restore process?

5. Do you have an agreement with a third-party to restore your data in the case of an emergency?

This is not a comprehensive list by any means.

I do want to point out, however, that 4 and 5 are often overlooked. I have seen organizations that thought they were backing up every night, only to find that it wasn’t working. When disaster struck, they were 6 months behind on backups. I have seen organizations whose entire network was taken down by a virus. One of them was out of business for over a week.

Consider regular tests and off-site recovery as part of your plan so you can substantially reduce your downtime if your facilities or equipment are unusable.

Having the proper backup procedures in place and taking the next step to a full-fledged disaster recovery plan could save your organization someday.

If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Should I Seek a Fiscal Sponsor?

A fiscal sponsor is an organization that has already gone to the time, trouble, and expense to legally form a nonprofit, create a board, establish accounting records, establish operations, establish bylaws – all the admin stuff –

And when you do your fundraising, you have people donate to the sponsoring organization with those funds earmarked for your project.

That’s how their donations become eligible for being tax-deductible and also how donors have the experience of donating to a “legit” and accountable organization.

Then the fiscal sponsor passes the funds to you, minus an administrative fee. Amounts for this fee that I have heard are 6% and 10%. There could be other fee levels. It depends in part on what the organization is doing for you. The more they do (such as pay your vendors) the higher the fee.

A fiscal sponsor can either pay your authorized vendors directly or put the donated funds (less the admin fee) into a separate bank account that you have created for the exclusive use of this project. You’re required to report all of your project’s financial activities to your fiscal sponsor and you can get into h-u-g-e trouble if any of those funds are used for a purpose other than what was promised in your initial application for fiscal sponsorship.

A fiscal sponsor is obligated to report to you how much money has come in, and they are required to set aside those donations (less the admin fee) and they can get into h-u-g-e trouble if they use those funds for anything other than your project.

Fiscal sponsorship is an effective financial mechanism for good to be done in the world without red tape.