Financial statements cannot be useful if they are based on unreliable and inaccurate recordings of transactions. There is no greater example of the garbage in, garbage out principle than financial statement preparation. The problem is that financial statement users cannot usually assess the presence of garbage simply by reading the statements. The statements may look fine, but in reality be riddled with inaccuracies.
The two main sources of financial statement inaccuracy are deliberate dishonesty and incompetence. There are two principle ways to combat these problems. The first method is to regularly hire an outside accounting firm to audit the financial statements. In an audit, the outside accountant tests reported account balances for accuracy. As importantly, the auditor tests to see that the accounting principles used in recording transactions are in conformity with GAAP and applied on a consistent basis. Despite some notorious recent audit failures involving large corporations, the auditing process, in most cases, provides a reasonable safeguard against fraudulent and inaccurate financial reporting.
The second method used to prevent fraudulent and inaccurate financial reporting is the adoption of adequate internal controls. Internal controls are the policies and procedures that a business can take to safeguard its assets, insure accuracy of financial reporting, and prevent fraud. These methods are not mutually exclusive. In the best of all worlds, firms would have both good internal controls and regular audits.
Unfortunately, hiring outside auditors and having the very best internal controls can be expensive, especially for small firms. The question of how much money should be spent on auditing and internal controls is a matter of perspective and circumstances. For example, a small business owner who uses the financial statements for internal management purposes only, has little incentive to hire an outside auditor. On the other hand, small business lenders and outside investors have a much greater need for audited financial statements.
For many, if not most, small businesses, regular audits are an unnecessary expense. The same cannot be said about adequate internal controls. Even the smallest business can benefit from well-designed controls designed to prevent fraud, theft, and accounting errors. In fact, small business owners are more likely to be the victims, rather than the perpetrators, of financial statement fraud. All too frequently a lower level bookkeeper or accountant will “cook the books” in order to cover theft and embezzlement. For this reason, it is important to have some understanding of internal controls.
As indicated above, internal controls are the policies and procedures that a firm uses to safeguard its assets, insure the accuracy of financial reporting, and prevent fraud. Insuring the accuracy of accounting information can involve something as simple as designing transaction registers and journals that minimize the mis-recording of transactions. Other common sense policies involve purchasing reliable accounting software and hiring well-qualified bookkeeping personnel to handle basic accounting tasks.
There are several widely used internal control procedures to prevent employee theft. Three of the most important controls are employee bonding, segregation and rotation of duties, and budgeting. Bonding is a form of commercial insurance that indemnifies a firm against employee theft. Usually, a background check is required to obtain bonding for any particular employee. Many umbrella commercial insurance policies include blanket employee theft coverage that does not require specific background checks.
Segregation of duties ensures that employees who handle cash or other assets do not also have access to accounting records. This prevents employees with access to both assets and accounting records from covering up their thefts.
Example. Miss Feasance is the bookkeeper for a small law firm. Her job responsibilities include writing checks and recording the disbursements in the check register and computerized check journal. She is also responsible for performing the monthly bank reconciliation. She notes that the owner never looks at the cancelled checks, so every month she writes a couple of $100 checks to herself, but records the disbursements as payments to a process server the firm uses to serve subpoenas. Neither the owner nor the outside accountant ever look at the cancelled checks. All they see are the entries in the general ledger. Because the firm normally spends between $1,500 and $2,000 per month in legitimate process service costs, the extra $100 or $200 payments go unnoticed.
The above fraud could have been prevented by not letting Miss Feasance have check signing authority. If she had check signing authority, someone else should have entered the disbursements in the general ledger and performed the bank reconciliations.
Another control involves shifting personnel into different job functions on a periodic basis or forcing employees to take vacations and having someone else perform their job functions for a certain period of time. The logic of this internal control is that certain frauds, such as lapping schemes, require the fraudster to maintain continuous control over a certain accounting function. Here is an example involving a lapping scheme.
Example. Miss Feasance’s bother Mal is the billing clerk for a psychotherapy clinic. He has devised a lapping scheme that works like this: at the beginning of every month he takes two or three payments made to the clinic and deposits the funds in his bank account. To cover this fraud, he does not steal subsequent payments from other customers but instead of crediting the payments to the correct patient accounts, he credits the payment to the patients whose payments he previously stole. In this way the stolen payments are not detected as long as the patients see their accounts credited for the amount they paid. The scheme works as long as there is a steady stream of payments made to the clinic and the lag between payment and crediting is not too great.
Mal Feasance’s scheme works as long as he can keep covering previous thefts with subsequent payments. The scheme would be detected if he took a long vacation or had his job responsibilities occasionally performed by someone else.
Budgeting is the process of predicting the operating revenues and expenses for the next accounting period. This process serves as an internal control when owners regularly compare current actual revenue and expense with budgeted amounts. Failure of actual results to fall within a reasonable range of budgeted amounts should cause the owners to investigate the reason for the variance.
Example. If the owner of Miss Feasance’s law practice would establish budgets for expenses and revenue, the extra $200 per month she was pocketing and recording as process serving fees, might cause a variance that could be investigated.
Most frauds occur in small firms because their financial statements are rarely audited and they often lack the resources to implement proper internal controls. For example, many small firms cannot afford the cost of hiring enough staff to implement proper segregation of duties. Another more subtle reason why internal controls are not effectively implemented stems from human psychology.
The premise of internal controls is that people are susceptible to dishonesty and that special efforts must be implemented to protect a firm from its own employees. This is an easy premise to accept when thinking about human beings in the abstract. However, it is more difficult to think of your employees as potentially dishonest. When you work closely with another person over any period of time, it is natural for trust to develop. The conscientious implementation of internal controls in a small business may send a subtle message that there is a lack of this natural trust.
On the other hand, it is precisely the tendency to trust that gets many small business owners into trouble. They do not make the psychic effort to implement the needed controls, because the burden of mistrusting their own employees is too great. In fact, the shock and anguish of employers who have been betrayed by trusted employees who have acted dishonestly, is often more painful than the monetary loss (which is often insured).