CHAPTER 1: INTERNAL CONTROLS
2. Processing Controls can mean that certain documents with specific information are required, and only when these are provided is the action authorized. Example: the Customer Master file specialist cannot add a customer to the file without verification of OFAC status or a Credit Manager Authorization form.

3. Signature Authority provides only those who need to complete certain tasks with the authority to do so. Many organizations establish formal signature-of-authority documents that outline exactly who can do what, up to what dollar amount, and for what departments or areas of the organization. Other organizations may be less formal in assigning authority and instead make use of understood rules and norms. Examples include the extension of credit, adding/changing the customer file, and signing contracts on behalf of the company. If an action exceeds your level of authority, it will require a second (or more) signature(s).

DETECTIVE CONTROLS

Detective controls attempt to uncover mistakes and irregularities—whether intentional or not. Detective controls often reveal gaps in the preventive controls or record when controls have been overridden. These controls will find an error or irregularity after the fact, but preferably before the financial data is reported to internal or external stakeholders.

Examples of detective controls are:

Analysis control: budget review, audit review
Reconciliation control: comparing data
Physical asset control: inventory counts
Quality control: inspection

CORRECTIVE CONTROLS

The errors and irregularities that are uncovered using detective controls should, of course, be fixed. However, how the error occurred in the first place should then be analyzed to see how it could have been prevented. A new process should then be designed, documented, and implemented to ensure compliance.

COMPENSATING OR COMPENSATORY CONTROLS

In some circumstances, organizations are not able to implement specific controls (such as segregation of duties) due to financial, administrative, operational, or other constraints—or even due to a temporary condition. In these cases, other measures must be put in place that, although not as efficient or as effective as the intended control, can still reduce risk. These substitutes are referred to as compensating or compensatory controls.

When compensating controls are used, the situation should be documented: identify the potential risk, determine what measures have been put in place, and, if possible, put in writing an estimate or goal for when a true control will be implemented. The P&Ps should keep a record of these situations because this will be beneficial during an audit; it documents that you are aware of the situation and what process has been implemented to reduce the potential risk.

THE ACCOUNTS RECEIVABLE SPECIALIST CERTIFICATION PROGRAM E-TEXTBOOK