What is Management’s Attitude About Internal Control and Why Does It Matter?

 

By Bob Swetz
Controller Consultant | Tier One Services, LLC
As external auditors, accountants, and bookkeepers who are concerned about our clients, we need to be aware of management’s attitude towards internal controls.
So, what does that even mean, “Management’s Attitude?”
Let’s look at an analogy that many of us can relate to. Suppose a friend suggests that you should be more physically fit. He provides you with a detailed and customized workout routine that you are to perform 5 days a week. It’s a great plan and if followed will help you reach the goal of being fit.
Notice how I said, “the goal” and not “your goal.” You see, the problem is you aren’t too concerned about being physically fit, it’s just not something you care about right now and certainly not a priority for you. Given this set of circumstances, the chances of you doing the workout at all, let alone 5 days a week are slim, therefore the probability of you attaining the goal of physical fitness is also minute.
Why does management’s attitude about internal control matter?
Management’s attitude about internal control matters for a few reasons:
1.      Management’s attitude will most likely trickle down to the staff
2.      If management doesn’t care, the staff probably won’t care either
3.      Even if the staff does care, a poor attitude at the management level will tend to override the good controls that are in place (more on this is a future article)
4.      The best plan will fail if it is not properly implemented and monitored
Management having a poor attitude about internal controls doesn’t necessarily mean that management does not have integrity. It could be that they have too much on their plate to focus on internal control. As trusted business advisors, we may be able to fill a gap that management didn’t even know existed. It’s something to think about as we perform our day to day duties for our clients.
If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

An Introduction to Assessing Control Risk

By Bob Swetz
Controller Consultant | Tier One Services, LLC
All organizations, no matter the size, should have adequate internal controls. Internal controls are things like having multiple staff count cash so that no one person has sole access at any given time.
One thing that may be overlooked is establishing a process of assessing control risks on a regular basis.
What is Control Risk?
To put is simply, control risk is the risk that the internal controls in place will not meet the organization’s objectives. According to the AICPA AU-C Sec940.05, A Control Objective is “the aim or purpose of specified controls. Control objectives address the risks that the controls are intended to mitigate.” In the example above the control objective over counting cash may be to deter the risk of employee theft.
Risks can arise out of a given set of circumstances, or they can be inherent in the nature of the transaction or function.
How and When to Assess Internal Control Risk
How and when to assess internal control risk depends on the nature of the risk or a situation that may arise and cause an increase in risk that did not previously exist.
Let’s look at cash counting again. Because if it’s nature, cash is inherently risky. Assuming the organization’s cash inflows are consistent this risk could be assessed on an annual basis. The risk assessment would involve addressing the possible ways cash could be stolen and determining if the controls in place sufficiently address that risk.
Other types of risks may arise based on circumstance. For example, one of the church’s weekly cash counters just filed for bankruptcy. That situation would give rise to the need for risk assessment at that time, not merely at the end of the year. In this case, the church’s management should consider whether the situation creates additional risk in the cash counting function. A simple way to do this is to list all the possible ways cash could be stolen and whether the controls currently in place (given the situational change) still reduce the risk of employee theft to a reasonably low level.
These are just a few simple examples but should be enough to get you started in developing a plan for risk assessment that makes sense for your organization.
If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Should Your Organization Have an Accounting Policies & Procedures Manual?

 

By Bob Swetz
Controller Consultant | Tier One Services, LLC
Yes, and thank you for reading.
Well, I suppose you know where I stand on this, but let me expand a bit. This topic can be broken into 2 groups, both with the same outcome but perhaps for different reasons.
You have a small organization with a 1-person accounting department
This group might be leaning towards a NO answer, but that couldn’t be farther from the truth. A small organization with a 1-person accounting department should have a manual that documents their policies and procedures for continuity if nothing else. When all of the processing steps are in this one person’s head, what happens if they leave suddenly, get sick or are off for an extended period of time? I’ll tell you what happens if there is no documentation, mass chaos. On the other hand, if the policies and procedures are in a written document, the owner, manager or director can pick up right where the other person left off. There may be a bit of a learning curve, but at least there is a good starting point.
You have a large organization with a multi-person accounting department
This group is probably leaning towards a YES answer, but why? The general perception is that a larger organization is a bit more rigid in terms of their policies and procedures and would most likely have them in a written document. This document is critical for such an organization for several reasons. To name a few…
1.      There is a tendency to move staff from one position to another
2.      There can sometimes be high turnover
3.      With many hands in the cookie jar it is important to know who is doing what
The accounting policies & procedures document will help ensure a smooth transition from one position to another, a smooth intake for new employees and protection for staff when errors or irregularities occur.
Once you get on board with the need for such a document you will also realize the importance of keeping the manual updated on a regular basis, at least once or twice a year.
If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

How can we make life easier for our accounting team while asking more of them?

It’s about automating and streamlining – and takes people, processes, and technology.

Let’s take a look!

Technology

  • Set up bank feeds
  • Record processes using a tool like Screencast-O-Matic and post the screencasts to a place that the team can access. This helps to get the most value from your top-level finance people instead of having them spend their time on more repetitive financial tasks
  • Record task checklists in a workflow tool like Asana, Monday, or Wrike. Start with recurring tasks and include decision-making trees.
  • Implement tools to automate tasks which don’t require human judgment, and to batch/streamline tasks which do. For example: memorized transactions, recurring transactions, transaction templates, Batch Enter, Find & Recode.
  • Don’t use spreadsheets or other separate stand-alone files if the main technology that you have can do the trick. Learn more about what it’s capable of. Unnecessary separate systems will cause wasted time. If a separate spreadsheet is necessary, design it to be an easily-updatable template.

PROCESSES:

  • Encourage electronic transactions and not use paper checks
  • Have vendors e-mail their invoices to a Bill.com address or Hubdoc address. Hubdoc will employ OCR and handle some of the data entry for you
  • Use a simple, standardized Chart of Accounts. Make sure it’s meaningful to the organization but don’t let it explode with details which don’t contribute to a decision-making process.

PEOPLE:

  • Control the quality of the information stream, so make sure that only well-trained, process-oriented people are sending information to the Accounting team.
  • Authorize new apps and processes such as the ones listed above. If the invoicing process can be streamlined by using TSheets for example, authorize a training and work with service providers to get the team trained on it.
  • Make sure everyone is on board for streamlining and if someone is resistant, decide whether you are going to provide coaching or engage in a different course of action. Someone resistant to process will kill a company.

How Does Receiving Grants Affect Internal Control?

By Bob Swetz

Controller Consultant | Tier One Services, LLC

Using proper internal accounting controls is important for any type of organization. However nonprofit and governmental entities that receive grant funding typically have at least one additional layer of controls to consider. These controls can be mandated at the Grantor, State or Federal level.

Grantor Level Requirements

If your organization does not fall under federal or state guidelines you may still be required to have specific procedures and controls in place that are stipulated by the grantor. It is extremely important to carefully review the grant documents to make sure your procedures are in compliance with the grant.

State Level Requirements

Some grants are funded with state money but do not fall under federal guidelines. In this case, it is important to understand the overall guidelines of the funding state department to ensure that your controls and procedures meet any specific requirements. As discussed above, you should also carefully review your grant documents to ensure compliance.

Federal Level Requirements

Organizations receiving more than $500,000 in federal funds are held to a completely different standard. If your organization falls into this category, you are not only required to have the proper internal accounting controls in place for audit purposes, but you must have controls in place to ensure compliance with federal laws and regulations related to the grant. Auditors will use the OMB Compliance Supplement for the appropriate CFDA# related to your federal grant, so it is important to be current with applicable laws and regulations.

At the end of the day, your organization needs to have good accounting controls in place that work for you. Just don’t forget that when you receive grants, others are watching.

If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Establishing Processes in a Service Organization

When you are providing services but certain things in the relationship aren’t working, what may be lacking is alignment.

Consider whether there is misalignment between:
* the client’s perception of the potential value of the work and what potential value you could be delivering
* that value of the work you are delivering and the value of the work that you’d like to deliver
* the client’s expectations and your expectations
* the way that the clients are operating and the way that your ideal client operates
* the way that your services are functioning and the way that they need to function in order to be available at the current cost

And what about communication? When those you serve don’t communicate as frequently as you would like, it’s because they don’t get value from communicating more frequently.

Possible paths forward:

  • Realign your expectations to match the clients’ current perceived needs. Arrange for monthly or quarterly live meetings to create deliverables on the spot. Use tech tools to turn the calls into working sessions, not just reviews or status updates.
  • Realign the clients’ expectations of what’s possible with more frequent communications. Show them what’s possible with more frequent communications and put them in a position to reach their goals by using your services.
  • Please note the potential huge opportunity for operational / process coaching here if you serve business clients. If they only want basic services, it may be an indicator that they wouldn’t pay for a premium service because they can’t get an ROI from it. This may indicate that their team doesn’t have their processes together, because assuming that there’s demand for what they do and assuming that they’re good at doing it, process excellence is pretty much the only thing keeping an organization from scaling. Process excellence arises from people (including company culture), processes, and technology. If you/your team have skills in this, you can help turn either of these companies from a day-to-day grind into a scaling joy. If that’s what the owner wants, that is.

Sometimes the most exciting path forward is mindset coaching. Dig into how the owner perceives business, leadership, processes, relationships, time, and money. What stories are running the owner’s decision-making process? What visions guide his or her life? What are the owner’s core values? Which of those stories are out of alignment with that vision and those values and are really old stories?

If you can cause a transformation in that, it will cause a transformation in all aspects of the leader’s life and business and you & your team will ultimately have a proactive client instead of a fire-drill client.

The processes that you want to focus on are not creating uniform processes for each client. Instead, create uniform processes for how you train and equip your team. Create engagement workflow templates and you be the one to customize them when you bring in a new client. Create a knowledge base for internal purposes. Create forums for your team members to communicate with each other – not about engagements, that’s in your workflow management tool – but about higher-level things, broader-impact things, like software and excellence and gratitude.

I know firsthand that client engagements that aren’t working bear the highest cost of all – not having the time to cultivate new business + having to handle too much yourself because of the craziness.

Nourish your team and get those engagements aligned.

Does Your Organization Need a Disaster Recovery Plan?

By Bob Swetz

Controller Consultant | Tier One Services, LLC

Many of us seem to think that a total disaster is something that happens to others, but not us.

Unfortunately, disasters can happen to any organization at any time, and we need to be prepared.

Disasters can also come in more forms than you might think. Many might think of a fire, flood or some sort of natural disaster, but they can be more subtle and unassuming. I have witnessed several “data loss” disasters over the last six months that could have been prevented with the proper planning.

Here are a few things to consider:

1. Do you back up your data on a regular daily basis?

2. Have you considered the types of data that need to be backed up?

3. Do you store your backups off-site?

4. Do you test your backup restore process?

5. Do you have an agreement with a third-party to restore your data in the case of an emergency?

This is not a comprehensive list by any means.

I do want to point out, however, that 4 and 5 are often overlooked. I have seen organizations that thought they were backing up every night, only to find that it wasn’t working. When disaster struck, they were 6 months behind on backups. I have seen organizations whose entire network was taken down by a virus. One of them was out of business for over a week.

Consider regular tests and off-site recovery as part of your plan so you can substantially reduce your downtime if your facilities or equipment are unusable.

Having the proper backup procedures in place and taking the next step to a full-fledged disaster recovery plan could save your organization someday.

If you have questions or want to dig deeper, feel free to schedule a 15-minute troubleshooting session with me at http://bit.ly/Scheduling_Troubleshooting or connect with me on Facebook at https://www.facebook.com/bobswetzonline.

Should I Seek a Fiscal Sponsor?

A fiscal sponsor is an organization that has already gone to the time, trouble, and expense to legally form a nonprofit, create a board, establish accounting records, establish operations, establish bylaws – all the admin stuff –

And when you do your fundraising, you have people donate to the sponsoring organization with those funds earmarked for your project.

That’s how their donations become eligible for being tax-deductible and also how donors have the experience of donating to a “legit” and accountable organization.

Then the fiscal sponsor passes the funds to you, minus an administrative fee. Amounts for this fee that I have heard are 6% and 10%. There could be other fee levels. It depends in part on what the organization is doing for you. The more they do (such as pay your vendors) the higher the fee.

A fiscal sponsor can either pay your authorized vendors directly or put the donated funds (less the admin fee) into a separate bank account that you have created for the exclusive use of this project. You’re required to report all of your project’s financial activities to your fiscal sponsor and you can get into h-u-g-e trouble if any of those funds are used for a purpose other than what was promised in your initial application for fiscal sponsorship.

A fiscal sponsor is obligated to report to you how much money has come in, and they are required to set aside those donations (less the admin fee) and they can get into h-u-g-e trouble if they use those funds for anything other than your project.

Fiscal sponsorship is an effective financial mechanism for good to be done in the world without red tape.

Q&A: Secure, Paperless Nonprofit Accounting

[1] When you have paper receipts do you scan them?
Hell no. They snap a picture of them with an app like Entryless or Expensify, where they get automatically classified and synced with the accounting system.

[2] How do you have staff code and authorize expenditures and keep that info with the digital receipt?
Staff don’t need to classify transactions. That’s the job of the Finance team. What the Finance team needs is a description of the expenditure and the grant it was for, if that applies.

Staff don’t authorize expenditures, either. That’s up to the ED, who sets policy and then reviews expenditures in the accounting system or an app. Some apps (like Bill.com) and some accounting systems (like Xero) have an Authorize button for bills.

[3] How do you store all these digital bits?
In the app and/or attached to the transaction itself in the accounting system.

[4] How do you pass on the receipt, coding, and authorization to the person signing checks?
In the app & accounting system. In Xero, for example, there is an in-program authorization button for payables.

[5] If there’s fancy software that does this all, what is it and how much does it cost?
It’s not fancy software. It’s cheap and zillions of people are using it. Times have changed. Thank goodness.
Check out Entryless ($22.49/mo), Xero ($30/mo for unlimited users), Bill.com ($19.95/mo).

[6] How much server space does 7 years of “paperwork” eat up?
Servers have evolved. First of all, in most cases you’re not using your own server but that of your cloud-based app, and (a) you don’t care how much space these documents take up, and (b) they’ve got such economies of scale that the space is dirt cheap. See pricing above.

But secondly, server space is cheaper now than it has ever been. So if you run out of space, you buy more. It’s not a big deal. Certainly cheaper than renting a bigger building to store more paper files, and because no one actually does that since that idea is ridiculous, I’ll mention that it’s still cheaper than renting a storage unit for your older paper files, which plenty of people do. And it’s less risky. Paper file can be so easily damaged. Flooding, fire, mold…stuff happens.

Two final points on questions that you didn’t ask:
[7] The risks are higher when everything is on paper:
[a] The savvy cloud-based providers have redundant servers in geographic locations with different natural disaster profiles (“we here at San Andreas Cloud Services store all of your data securely in a nearby warehouse!”)
[b] Paper is easily stolen, lost, or otherwise messed with. When everything is electronic, all you have to do is revoke access when an employee leaves, for example.
[c] You’re stuck with local auditors, whether or not they’re any good, whether or not they charge competitively, plus you have to pay more for all of the shlepping they have to do for the field work. Plus the audit takes longer. Which the Board really loves. Whee! Last year for a new client we cut the timeline from “year-end” to “board presentation of the financials” from 8 months to 4 months. So having everything available paperlessly gives you more leverage to shop around, and if you live in a major metropolitan area you can get an auditor in a lower COL area and pay less but without sacrificing the level of service.

[8] And lastly – this applies only to some organizations, but in those cases, the costs are outweighed by the revenues generated in the physical space that is now freed up. What does the org get to put there, in the entire office drowning in file cabinets? Another fundraising professional, perhaps?

How to Segregate Duties with Only One Accountant

By Bob Swetz
Controller Consultant | Tier One Services, LLC
“Every business needs to be protected in order to survive and thrive.”
Part 2 of 3

What is segregation of duties and why is it important?
In Part 1 of my series on segregation of duties we explored why it is so important to have adequate segregation of duties in your organization’s accounting department. You can read about that in my article Why is Segregation of Duties Important in Your Accounting Department?
In today’s article, I provide an example of how you can achieve segregation of duties even if your accounting department has only one accountant.

How to make segregation of duties work with only one accountant
If your organization has only one accountant who does everything it may be time for the owner, manager or director to step up and pitch in to split some of the duties with the accountant or bookkeeper.

Let’s look at the bill payment function and assume that there is one accountant and an executive director as the next level of management. To start, don’t let the accountant open the mail. The director should open the mail and give the vendor bills to the accountant to enter. Once the bills are entered, the director can review them and approve which ones to print. It would be ok for the accountant to print the checks, then have the secretary match the checks up with invoices and seal the envelopes.

 

Next, the director can review which bills are ready to go out before returning them to the secretary for mailing. Ideally, borrow and train a staff member from another department to do the bank reconciliations. If your staff is too busy for an arrangement like this, consider outsourcing some of these duties to an outside accountant or bookkeeper. It’s just that important.

In Part 3 of my series on segregation of duties, How to Segregate Duties with Two or More Accountants, I will explore another example of how to make this vital control feature work for your organization.