Internal Control Requirements for Publicly Traded Companies
In a meeting last week, the president of LJB expressed interest of going public in the near future and asked us about the internal control requirements for such action. To become publicly listed, LJB must follow the Sarbanes-Oxley Act of 2002 (SOX), which requires all US publicly traded companies to maintain an adequate system of internal control. Under SOX Section 404, a company must report on internal controls over financial reporting in its annual report.
Four key elements must be included in this report (Smith, Ledyard;): 1. Statement of responsibility by the company management (CEO and CFO) for establishing and maintaining an adequate internal control structure and procedure for financial reporting. 2. Statement identifying the framework used by management to evaluate the effectiveness of the company’s internal control over financial reporting. 3. Management’s assessment of the effectiveness of internal controls over financial reporting. 4. Attestation by the company’s external auditor on management’s assessment of the effectiveness of the company’s internal controls and procedures for financial reporting. As the president of LJB, he and other executives and board of directors must ensure that the internal controls are reliable and effective. In addition, he must hire independent outside auditors to attest to the adequacy of the internal control system. LJB’s Proper Internal Controls To become publicly listed, LJB must ensure and maintain an adequate and effective internal control system.
After evaluating LJB’s current internal controls, I have found several positive acts. First, the accountant of LJB has recently started to use prenumbered invoices, which I believe to be a right decision because all companies, including LJB, should establish proper documentation procedures. LJB should document transactions and events when they occur. The use of prenumbered invoices can help to prevent a transaction from being recorded more than once, or conversely, from not being recorded at all (Kimmel, Weygandt, & Kieso, 2011, p. 341).
In addition, an effective internal control system should require that all source documents be promptly forwarded to the accounting department for accounting entries; this helps to ensure timely recording of the transactions and contributes directly to the accuracy and reliability of the accounting records (Kimmel, Weygandt, & Kieso, 2011, p. 341). So when the accountant has asked for buying an indelible ink machine to print checks, I believe it will be a wise and necessary purchase. Second, the accountant does a good job of moving all checks into a safe in his office during weekends.
This is in compliance with physical controls, which relate to the safeguarding of assets and enhance the accuracy and reliability of the accounting records (Kimmel, Weygandt, & Kieso, 2011, p. 342). By moving the checks into the safe, they are secured during nonbusiness hours and not accessible to no one, this prevents potential fraud and theft. LJB’s Improper Internal Controls On the other hand, there are several other controls which LJB is not doing properly. First, the accountant is now serving two roles as both treasurer and controller.
This is a violation of segregation of duties. Different individuals should be responsible for related activities, however, the accountant is responsible for both supply purchases and payments for these purchases, and this increases the potential for errors and irregularities (Kimmel, Weygandt, & Kieso, 2011, p. 339). Since the accountant can make orders of supplies without supervisory approval, he may be tempted to receive kickbacks from suppliers (not saying he will); he may authorize payments for fictitious invoices since he also has payment authorization.
Moreover, the accountant should not be responsible for both receiving checks and completing monthly bank reconciliations, because since he is the person who handles record keeping for LJB, he should be neither responsible for physical custody of the received checks (which are basically cash) nor have access to them (Kimmel, Weygandt, & Kieso, 2011, p. 340). Both vacancies of segregation of related activities and segregation of record-keeping from physical custody controls leave a great potential of fraud for LJB, not mentioning there is a lack of independent internal verification (Kimmel, Weygandt, & Kieso, 2011, p. 343).
Second, LJB is missing control over its petty cash. If all employees have access to petty cash, it is a violation of establishment of responsibility (Kimmel, Weygandt, & Kieso, 2011, pp. 338-339). In addition, not only no one is responsible for the petty cash, employees who use the money are only asked to leave a note, this violates the documentation procedures controls. Third, the firing incident indicates LJB is doing poorly on three controls: human resource controls (Kimmel, Weygandt, & Kieso, 2011, p. 344), physical controls, and establishment of responsibility. LJB did not conduct a thorough background check on the convicted employee.
If a thorough background check was performed LJB should had found out that this person was convicted guilty and served time for molesting children. Also, since LJB does not assign individual passwords to employees, it was no surprise that it had difficulty getting the convicted employee’s confession of viewing pornography on company computer. Last, the accountant should not be engaged in interviewing and approving new hires, since he is already responsible for other tasks. Instead, the human resources department should be involved in the hiring process, along with the president.
Recommendations for Improvement These poor internal controls indicate LJB’s vulnerability to frauds, which not only serve as threats to LJB but also hinder the company’s capability of going public. Nevertheless, actions can be taken to fix such flaws. First of all, LJB should assign different individuals to handle supply purchase and payment tasks. If the accountant is responsible for making orders of supplies, he should receive approvals for these purchases, and should not be granted payment authorization. If he authorizes payments, he should not be made responsible for purchasing supplies.
Also, since he prepares bank reconciliations, he should not have custody of the received checks; a different individual should be assigned for such task. In addition, for enhanced security, LJB can assign another employee who is independent of the personnel responsible for the activities to conduct independent internal verification. He/she can compare the payment checks to invoices; he/she can also compare total receipts to bank deposits on a monthly basis to see if there is reconciliation between the cash balance per books and the cash balance per bank.
If there is any discrepancy, he/she can report to the management immediately for corrective action (Kimmel, Weygandt, & Kieso, 2011, pp. 343-344). Secondary, LJB needs to set up a petty cash fund (not sure one is existed currently) and appoint a custodian who is responsible for such fund. Size of the petty cash fund should be determined, expenditures from the fund should be limited and certain types of transactions should not be permitted from the fund. The custodian of the und should have authority to make payments from petty cash that conform to these prescribed policies (Kimmel, Weygandt, & Kieso, 2011, p. 367). Also, for documentation purpose, instead of a note from users of the petty cash, each payment from the fund must be documented on a prenumbered petty cash receipt, signatures of both the custodian and the individual who receiving payment must be on the receipt. If other supporting documents such as an invoice are available, they should be attached to the receipt (Kimmel, Weygandt, & Kieso, 2011, p. 367).
Furthermore, internal control over petty cash fund can be strengthened by (1) having a supervisor make surprise counts of the fund to ascertain whether the paid petty cash receipts and fund cash equal the designated amount, and (2) canceling or mutilating the paid petty cash receipts so they cannot be resubmitted for reimbursement (Kimmel, Weygandt, & Kieso, 2011, p. 369). Lastly, from now on, LJB must conduct thorough background checks on all new hires. Two things can be verified to support the checks: (1) Check to see whether job applicants actually graduated from the schools they list. 2) Never use the telephone numbers for previous employers given on the reference sheet; always look them up (Kimmel, Weygandt, & Kieso, 2011, p. 344). The human resources department should be held responsible for all background checks. In addition, all employees should be assigned individual passwords for signing into company computers, and these passwords should only be known to the individuals whom they are assigned to. LJB may also consider installing an advanced firewall program on computers which prohibits users from logging in external indecent websites.