Back to top

How to Prevent Bad Accounting; Internal Controls

Writtin by: Paul Bogdanoff, CPA and Tim Dages, CPA

In Jacob Soll’s history of accounting, The Reckoning, he states “. . . bad accounting has a way of coming back to haunt those who practice it.”  Symptoms of bad accounting may include IRS notices, the loss of the entity’s assets or higher accounting fees. Bogdanoff Dages and Co., P.C. have experienced first-hand the perils when internal control systems are lacking.

Internal Control Systems are the policies and procedures management uses to achieve the following goals:

Safeguard assets - Well designed internal controls protect assets from accidental loss or loss from fraud.

Ensure the reliability and integrity of financial information - Internal controls ensure that management has accurate, timely and complete information.

Ensure compliance - Internal controls help to ensure the compliance with the many laws and regulations.

Promote efficient and effective operations - Internal controls promote an environment in which the efficiency and effectiveness of the operations may be maximized.

Accomplishment of goals and objectives - Internal controls provide a mechanism for management to monitor the achievement of the operation.

The internal control framework of an organization’s system includes:

Control environment: A sound control environment is created by management through communication, examples and setting the proper tone to be followed. Management’s should set a tone that focus on integrity, a commitment to investigating difference, thoroughness in designing systems and assigning responsibilities.

Risk Assessment: The entity should identify the areas where the threat or risk of inaccuracies or loss exists. The areas with greatest risks of loss should receive the greatest effort and controls.

Monitoring and Reviewing: The system of internal control should be periodically reviewed from time to time. Periodic assessment assures that internal control activities have not become out of date or no longer useful.  Internal controls should also be upgraded to remain effective for the organization’s current risks.

Information and communication: It is paramount that a clear plan for communicating responsibilities and expectations is essential component of internal controls.  

Control activities: These are the activities that occur within an internal control system. These are fully described in the next section.

Best Practices of internal control activities are the procedures as well as the day to day activities that transpire within the system. A sound internal control system ought to contain the control activities listed below. These activities commonly fit into two types of activities.

  1. Preventive: Preventive controls are activities that aim to reduce the instance of errors or fraud. Preventive activities should include complete documentation and authorization practices. Preventive control activities deter unwanted events from transpiring, thus necessitate risk assessment and a well thought out accounting procedures.
  2. Detective: Detective controls identify, after the fact, undesirable occurrences. Reconciliation of accounts is the most obvious detective control.

Authorization, documentation reconciliation security and separation of duties are the activities that are best practices.

After a solid internal control system is in place the management of the organization should regularly communicate updates to the system and periodically assess the risk and assess how the organization is taking steps to reduce the assessed risks. The organization should document the risk assessment and maintain the documentation.

Bogdanoff Dages and Co., P. C. stands ready to assist with the development of internal control structures or answer question relating to internal control. Give Tim or Paul a call to discuss your internal control concerns.