Useful Governmental Internal Controls that You Need Know

By Charles Hall | Fraud

Apr 02

Below I provide useful governmental internal controls that you need to know.

Why am I providing this list of useful controls? Most small governments struggle with establishing sound internal controls. So, the list provides a foundation for preventing theft in your government. While not a comprehensive list, I thought I would share it.

Many of the internal controls listed below are also pertinent to nonprofits and small businesses as well. You will find this same checklist in The Little Book of Local Government Fraud Prevention (available on Amazon) which provides many more fraud prevention ideas.

I am providing general fraud prevention controls and then transaction-level controls for:

  • Cash receipts and billing
  • Cash payments and purchasing
  • Payroll

governmental internal controls

Useful Governmental Internal Controls

General Internal Controls

  1. Have bank statements mailed directly to someone outside of accounting; recipient should peruse bank statement activity before providing it to accounting
  2. Perform surprise audits (use outside CPA if possible)
  3. Elected officials and management should review the monthly budget to actual reports (and other pertinent financial reports)
  4. Map internal control processes by transaction cycle (preferably done by a seasoned CPA); once complete, provide the map to all employees involved in the cycle; when control weaknesses exist, institute additional controls (see 11. below)
  5. Use a whistleblower program (preferably use an outside whistleblower company)
  6. Reconcile bank statements monthly (have a second person review and initial the reconciliation)
  7. Purchase fidelity bond coverage (based on risk exposure)
  8. Periodically request from the government’s bank a list of all bank accounts in the name of the government or with the government’s federal tax I.D. number; compare the list to bank accounts set up in the general ledger
  9. Secure computer access physically (e.g., locked doors) and electronically (e.g., passwords)
  10. Do not allow the electronic transmission (e.g., email) of sensitive data (e.g., social security numbers) without the use of protected transmission technology (e.g. Sharefile); create policy and train staff
  11. Where possible, segregate who (1) authorizes transactions, (2) records transactions, (3) reconciles records, and (4) has custody of assets; when segregation of duties is not possible, require documented second-person review and/or surprise audits

Transaction Level Controls

Cash Receipts and Billing Controls

  1. Use a centralized receipting location (when possible)
  2. Assign each cash drawer to a separate person; require daily reconciliation to receipts; require second person review
  3. Deposit cash timely (preferably daily); require the composition of cash and checks to be listed on each deposit ticket (to help prevent check-for-cash substitution)
  4. Immediately issue a receipt for each payment received; a duplicate of the receipt or electronic record of the receipt is to be retained by the government
  5. A supervisor should review receipting-personnel adjustments made to accounts receivable
  6. Do not allow the cashing of personal checks (e.g., from cash drawers)

Cash Payments and Purchasing Controls

  1. Guard all check stock (as though it were cash)
  2. Do not allow hand-drawn checks; only issue checks through the computerized system; if hand-drawn checks are issued, have a second person create and post the related journal entry
  3. Do not allow the signing of blank checks
  4. Limit check signing authorization to as few people as possible
  5. Require two employees to effectuate each wire transfer
  6. Persons who authorize wire transfers should not make related accounting entries
  7. Require a documented bidding process for larger purchases (and sealed bids for significant purchases or contracts); specify procedures for evaluating and awarding contracts.
  8. Limit the number of credit cards and the chargeable maximum amount on each card
  9. Allow only one person to use an individual credit card; require receipts for all purchases
  10. Require a street address and social security or tax I.D. numbers for each vendor added to accounts payable vendor list (P.O. box numbers without a street address should not be accepted)
  11. Signed vendor checks should not be returned to those who authorized the payment; mail checks directly to vendors
  12. Compare payroll addresses with vendor addresses for potential fictitious vendors (usually done with electronic audit tools such as IDEA or ACL)

Payroll Controls

  1. Provide a departmental overtime budget/expense report to governing body or relevant committee
  2. Use direct deposit for payroll checks
  3. Payroll rates keyed into the payroll system must be supported by proper authorization in the employee personnel file
  4. Immediately remove terminated employees from the payroll system
  5. Use biometric time clocks to eliminate buddy-punching
  6. Check for duplicate direct-deposit bank account numbers
  7. A department head should provide written authorization for overtime prior to payment

Your Recommendations

What additional controls do you recommend? Share your thoughts below.

Learn from my CPA Hall Talk newsletter!

Get my free weekly accounting and auditing digest with the latest content.

Powered by ConvertKit
Follow

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses.He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events.Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.

  • Yes, Dr. Hurt. I agree with your suggestion on educating employees about controls and fraud risk (as well as governmental accounting). I know some whistleblower companies train employees with regard to fraud, though I don’t know how well they do this. But, to your point, if employees don’t know what a red flag looks like, they miss it (and therefore not report it). Thanks for your comment.

  • Dr. Bob Hurt, CFE says:

    A good list! I’d add educating employees about internal control and fraud risk, with particular emphasis on spotting red flags. Also, I think most government employees would benefit from a rudimentary understanding of government accounting.

  • armando balbin says:

    A comprehensive list. In the Purchasing Controls, under no. 7, I would like to include “specify the procedure for evaluating and awarding contracts”

  • I like your idea Armando. I have amended the list. Thanks.

  • Arogundale, I think every government should evaluate its internal control structure, realizing that smaller governments will have less complex control designs. The smaller governments that may not be able to segregate of their accounting duties should, at a minimum, use compensating controls such as surprise audits and second person reviews of reports.

  • Roman Gray says:

    It’s worth mentioning specifically that the individual(s) in charge of updating payroll information and processing payroll should not have “update” access to the personnel listing. In like manner, the individual(s) in charge of processing accounts payable should not be able to approve invoices or update the vendor listing.

    These two functions are important because “payroll” and “payables” are the gates through which the money exits the establishment, and the easiest way to misappropriate is to create false payments or recipients.

  • More good thoughts Roman. A lack of segregation in these areas could be quite costly. Yes indeed. Thanks for sharing.

  • Thanks Frank for your comment. Glad you liked the list.

  • Sedgwick, feel free to post the internal control list on your website. Please make sure that your readers understand it is not intended to be a comprehensive list; it is simply a list of some controls that I thought of as I created the summary. I agree with your additional salary verification ideas – good points.

  • Dan says:

    Awesome list! I shall provide some of this info to my clients as well. Thanks!

  • Dan, glad you found it of interest. Thanks for the comment. Hope you will visit again soon.

  • armando balbin says:

    Clients encrypting sensitive data

  • >