Below I provide useful governmental internal controls that you need to know.
Why am I providing this list of useful controls? Most small governments struggle with establishing sound internal controls. So, the list provides a foundation for preventing theft in your government. While not a comprehensive list, I thought I would share it.
Many of the internal controls listed below are also pertinent to nonprofits and small businesses as well. You will find this same checklist in The Little Book of Local Government Fraud Prevention (available on Amazon) which provides many more fraud prevention ideas.
I am providing general fraud prevention controls and then transaction-level controls for:
What additional controls do you recommend? Share your thoughts below.
Get my free accounting and auditing digest with the latest content.
Do you desire to increase your knowledge of fraud prevention and detection? This book will get you there quickly. Click the "buy now" button to see the book on Amazon.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
Yes, Dr. Hurt. I agree with your suggestion on educating employees about controls and fraud risk (as well as governmental accounting). I know some whistleblower companies train employees with regard to fraud, though I don’t know how well they do this. But, to your point, if employees don’t know what a red flag looks like, they miss it (and therefore not report it). Thanks for your comment.
A good list! I’d add educating employees about internal control and fraud risk, with particular emphasis on spotting red flags. Also, I think most government employees would benefit from a rudimentary understanding of government accounting.
A comprehensive list. In the Purchasing Controls, under no. 7, I would like to include “specify the procedure for evaluating and awarding contracts”
I like your idea Armando. I have amended the list. Thanks.
Arogundale, I think every government should evaluate its internal control structure, realizing that smaller governments will have less complex control designs. The smaller governments that may not be able to segregate of their accounting duties should, at a minimum, use compensating controls such as surprise audits and second person reviews of reports.
It’s worth mentioning specifically that the individual(s) in charge of updating payroll information and processing payroll should not have “update” access to the personnel listing. In like manner, the individual(s) in charge of processing accounts payable should not be able to approve invoices or update the vendor listing.
These two functions are important because “payroll” and “payables” are the gates through which the money exits the establishment, and the easiest way to misappropriate is to create false payments or recipients.
More good thoughts Roman. A lack of segregation in these areas could be quite costly. Yes indeed. Thanks for sharing.
Thanks Frank for your comment. Glad you liked the list.
Sedgwick, feel free to post the internal control list on your website. Please make sure that your readers understand it is not intended to be a comprehensive list; it is simply a list of some controls that I thought of as I created the summary. I agree with your additional salary verification ideas – good points.
Awesome list! I shall provide some of this info to my clients as well. Thanks!
Dan, glad you found it of interest. Thanks for the comment. Hope you will visit again soon.
Clients encrypting sensitive data