Hi All - I'm a controller of a privately held business with about 400 employees. I was recently hired - the previous controller was promoted to CFO when the old CFO retired. Both of them have been here for 25+ years. We have no internal controls to speak of and I want to get the ball rolling on assessing our weaknesses and start to get some real controls in place. The first is the accounting system. Does anyone in this community have a standard list of questions I should ask of our IT staff. I'm thinking about things like who has access to what, what documentation do we have, etc. Thanks in advance!
Checklist for systems controls?
Answers
Apart from the Accounting- and Control issues involved, you must discuss your plans in detail with your CFO and the owner of the business if he is involved in running the business and have their approval and full support in your project. Otherwise, you will run against too many man made roadblocks. Changes in an environment that is used to do business as usual are always perceived as "threats" and often, the fear about "job security" becomes an insurmountable obstacle.
Whenever I took over the accounting and controlling responsibility of a company, I started with a "Balance Sheet audit". Start with the Bank Account. Check whether the accounts are reconciled by comparing general ledgers balances, with those shown in the Financial Statements, vs those on the Bank Statements. Next questions:
- who has bank signatures (single, joint, max. amounts)
- who approves invoices and other expenses that are paid out of these accounts. Nobody who has the right to approve a payment should also sign the appropriate payment. (conflict of interest)
-where are the blank check forms kept. (in reality, blank checks are as vulnerable as cash when not under lock and key)
Next item will be Accounts Receivables. Same approach. Add up all balances of the individual ledgers. Compare to the Financial Statements in the Accounting. Create an Accounts receivable ageing list. Establish a "risk analysis system" on existing bad debt exposure based on the ageing list. Accounts that are long time overdue often are the result of reconciliation problems.
Once you have verify the correctness of the accounting side, review the processes that precede the accounting entries.
Analyse the billing process. Give special attention to the "billing tariffs, and the discounts offered". Who fixes the prices at which customers are invoiced. Who can authorize "special prices" Does everybody work from the same "price list" have they all been updated? What control do you have in place to make sure that all products that are leaving the warehouse are billing billed.
I have often learned the hard way, that up to 40% of the time spent in the Credit and Collection Department were caused by billing errors and disputes.
I hope you understand this general approach. Continue account by account and follow the trail down to the source where these transactions are triggered. Needless to say, this requires your personal involvement in talking to individuals that are doing the actual job. And that interface will give you the opportunity to offer these individuals the opportunity to share with you how much easier their jobs would be if "just this little thing" would be changed in the prior processes. But, they will usual conclude with - I have been here since too many years, it always has been done that way - and who would ever listen to me.
Good luck in our exiting endeavor. But never forget, you are targeting more than getting some order into an Accounting Department. You are about to waking up a sleeping tiger if you are not careful and tactful and do understand the reason of their resentment.
Filed Under:
Accounting