Information technology controls (IT controls) are getting increased attention with the implementation of SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatements.
IT Controls Video
In the following video, I provide an overview of what you need to do regarding IT controls including general and information processing controls.
Consider general controls and transaction processing controls as you plan your financial statement audits.
General Controls
Examples of general controls include:
Passwords
Intrusion detection
Backup and recovery
Logical access to software
Change control
Physical protection of IT systems
Transaction Processing Controls
An example of a transaction processing control is a software requirement that information in purchase orders, invoices, and shipping documents agree (known as a three-way match) before processing the payment.
Design and Implementation
Review the design and implementation of these IT controls, and do so in the planning phase of your audit. Weak IT controls may require you to perform additional audit procedures to lower detection risk. Why? Because weak general controls or transaction processing controls might allow material misstatements to occur without detection.
Are you looking for payment fraud tests? Ways to detect fraudulent payments and create unpredictable tests. Here’s your article.
You are leading the audit team discussion concerning disbursements, and a staff member asks, “Why don’t we ever perform fraud tests? It seems like we never introduce elements of unpredictability.”
You respond by saying, “Yes, I know the audit standards require unpredictable tests, but I’m not sure what else to do. Any fresh ideas?”
The staff member sheepishly responds, “I’m not sure.”
And you are thinking, “What can we do?”
Five Payment Fraud Tests
Here are five payment fraud tests that you can perform in most any audit.
1. Test for duplicate payments
Why test for duplicate payments?
Theft may occur as the accounts payable clerk generates the same check twice, stealing and converting the second check to cash. The second check may be created in a separate check batch, a week or two later. This threat increases if (1) checks are signed electronically or (2) the check-signer does not normally examine supporting documentation and the payee name.
How can you test for duplicate payments?
Obtain a download of the full check register in Excel. Sort by dollar amount and vendor name. Then investigate same-dollar payments with same-vendor names above a certain threshold (e.g., $25,000).
2. Review the accounts payable vendor file for similar names
Why test for similar vendor names?
Fictitious vendor names may mimic real vendor names (e.g., ABC Company is the real vendor name while the fictitious name is ABC Co.). Additionally, the home address of the accounts payable clerk is assigned to the fake vendor (alternatively, P.O. boxes might be used).
The check-signer will probably not recognize the payee name as fictitious.
How can you test for similar vendor names?
Obtain a download of all vendor names in Excel. Sort by name and visually compare any vendors with similar names. Investigate any near-matches.
3. Check for fictitious vendors
Why test for fictitious vendors?
The accounts payable clerk may add a fictitious vendor. What address will be entered for the fictitious vendor? You guessed it: the payable clerk’s home address (or P.O. Box).
Pay particular attention to new vendors that provide services (e.g., consulting) rather than physical products (e.g., inventory). Physical products leave audit trails; services, less so.
How can you test for fictitious vendors?
Obtain a download in Excel of new vendors and their addresses for a period of time (e.g., month or quarter). Google the business addresses to check for validity. If necessary, call the vendor. Or ask someone familiar with vendors to review the list (preferably someone without vendor set-up capabilities).
4. Compare vendor and payroll addresses
Why compare vendor and payroll addresses?
Those with vendor-setup ability can create fictitious vendors associated with their own home address. If you compare all addresses in the vendor file with addresses in the payroll file, you may find a match. (Careful – sometimes the match is legitimate, such as travel checks being processed through accounts payable.) Investigate any suspicious matches.
How can you test for the same vendor and payroll addresses?
Obtain a download in Excel of (1) vendor names and addresses and (2) payroll names and addresses. Merge the two files; sort the addresses and visually inspect for matches.
5. Scan all checks for proper signatures and payees
Why test checks for proper signatures and payees?
Fraudsters will forge signatures or complete checks with improper payees such as themselves.
How can you test for proper signatures and payees?
Pick a period of time (e.g., two months), obtain the related bank statements, and scan the checks for appropriate signatures and payees. Also, consider scanning endorsements (if available).
Your Payment Fraud Tests
Those are a few of my payment fraud tests. Please share yours.
Need additional ideas regarding how fraud might occur. Check out my post: 25 Ways Fraud Happens.
My fraud book provides more insights into why fraud occurs, how to detect it, and–most importantly–how to prevent it. See The Little Book of Local Government Fraud Prevention. The book focuses on local government fraud, but most of the information is equally applicable to small businesses.
What is a chart of accounts? If you are new to accounting, you may not know. But you need to understand this part of bookkeeping and accounting whether you use a manual system or an online one such as QuickBooks. A chart of accounts is helpful whether you are using FASB, GASB, or special purpose frameworks.
Below, I explain what a chart of accounts is and how you will use it in bookkeeping and accounting. I also provide thirteen steps to developing a chart of accounts.
What is a Chart of Accounts?
A chart of accounts (COA) is a structured list of an organization’s financial accounts used to categorize and record financial transactions. It serves as the backbone of an accounting system, providing a framework for organizing financial data in a logical manner. The COA is tailored to an organization’s needs and can vary widely in complexity.
The COA is usually hierarchical, with accounts organized in categories and subcategories. These categories include assets, liabilities, equity, revenue, and expenses. Each account within the COA is typically assigned a unique identifier, usually a numerical code (see examples below), to facilitate data entry and reporting.
Example Chart of Accounts
Here’s an example of a chart of accounts:
Assets
– 1010: Cash
– 1010.1 Operating Checking
– 1010.2 Payroll Checking
– 1010.3 Special Projects Checking
– 1020: Accounts Receivable
– 1030: Inventory
– 1040: Fixed Assets
– 1040.1: Buildings
– 1040.2: Machinery
Liabilities
– 2010: Accounts Payable
– 2020: Loan Payable
– 2030: Accrued Expenses
Equity
– 3010: Owner’s Capital
– 3020: Retained Earnings
Revenue
– 4010: Sales Revenue
– 4020: Interest Income
Expenses
– 5010: Cost of Goods Sold
– 5020: Rent Expense
– 5030: Utilities Expense
– 5040: Salaries and Wages
Next, I’ll show you how to create account codes.
Account Coding
The numbers used to identify an account (e.g., 1010 for Cash) vary from entity to entity. Account coding involves several elements, including the following:
Length of the code (the number of digits or characters in the account number)
Use of spaces, dots, or spaces
Hierarchical structure (using general categories and subcategories)
Numerical and alphanumeric (numbers and letters; e.g., 1010AA-15)
Here are examples of operating cash accounts for different companies:
Account number for operating cash
Entity
100.01
Joe’s Machine Shop
1000-01
Wonderful Coffee, Inc.
10-100-01
Jet Products Partnership
10-10-1000-01-A
Bose Industrial
C-10-10-1000-01
Johnson Farms, Inc.
As you can see, the account code for each operating cash account can vary significantly from entity to entity. So, why the differences?
Factors Affecting Account Coding
Several factors drive the account coding, including the following:
Laws or regulations (e.g., state law can dictate account coding for governments)
Industry guidelines
Business needs for certain information
Software requirements (some software packages require the use of specific account coding, such as the number of characters)
Additionally, some entities use prefixes to identify the type of asset, liability, equity, revenue, or expense. Here are examples:
Prefix
Type
10
Asset
20
Liability
30
Equity
40
Revenue
50
Expense
Using the prefixes, the cash and receivable accounts might appear as follows:
Account Number
Account
10-1000
Operating account
10-1005
Payroll account
10-1010
Capital construction account
10-1020
Accounts receivable
10-1025
Due from employees
More complex entities may have longer account codes to accommodate the reporting needs of the entity. For example, a company might use prefix numbers for specific accounts, such as cash. Here’s an example with the first 10 representing assets and the second 10 representing cash.
Account Number
Account
10-10-1000
Operating account
10-10-1005
Payroll account
10-10-1010
Capital construction account
10-20-2000
Accounts receivable
So, why would you add these additional layers in the chart of account number? Additional account coding can make it easier to create financial statements. For example, in the preceding table, total cash can be determined by adding all accounts preceded with 10-10.
So, a company can use account coding to generate certain information, such as total cash.
Next, I’ll show you how the chart of accounts is a part of the financial statement building process.
The Building Blocks of Financial Statements
Key building blocks in the creation of financial statements include:
Chart of accounts
Journal entries
General ledger
Trial balance
Financial statement
First, let’s look at how the chart of accounts and journal entries work together.
The relationship between journal entries and the chart of accounts is akin to the relationship between a script and its cast of characters. The COA serves as the cast—a structured list of all accounts where financial transactions can be recorded. Journal entries, on the other hand, are the script— the actual recording of financial transactions as they occur.
Each line in a journal entry uses an account from the COA. The account’s unique identifier (e.g., 1010.1) is used to specify where the debit or credit is to be recorded.
Account
Description
Debit
Credit
1010.1
Operating Checking
1,000
4010
Sales Revenue
1,000
Second, let’s see how the journal entries feed into the general ledger which feeds into the trial balance.
The COA helps categorize transactions appropriately. For example, if a company makes a sale, it debits an asset account (like Accounts Receivable or Cash) and credits a revenue account (Sales Revenue), as defined in the COA. The company records each transaction (journal entry or accounting entry) in the general ledger account, and the general ledger totals create the trial balances.
For example, if there are ten checking account transactions in May, those are added or subtracted from the May 1 opening balance in the general ledger to arrive at the May 31 balance (e.g., $125,453 in the table below).
Third, here’s how the trial balance feeds into the financial statements.
Now, the trial balance (the summary of all account balances) checking account balance reflects $125,453 at the end of May which is included in the financial statements.
Accounting Sequence
So, let me summarize and say once more what the accounting sequence is.
Accounting entries are made to the general ledger
The general ledger feeds into the trial balance
The trial balance feeds into the financial statement.
Summarizing Accounts for Financial Statements
Here is an example of a company’s cash accounts being combined for presentation in the financial statements.
Account Number
Account Name
Balance
1010.1
Operating Checking
125,453
1010.2
Payroll Checking
55,871
1010.3
Special Projects Checking
144,120
Total Cash
$325,444
From here, we use the total cash balance in the balance sheet.
Financial Statements
Here are a few lines in the balance sheet:
ABC Company
Balance Sheet
12/31/20X4
Cash
$325,444
Account Receivable
548,465
Inventory
2,587,132
Current Assets
$3,461,041
In addition to assisting with financial statement creation, there are other advantages to using a chart of accounts.
Four Advantages to a Chart of Accounts
Consistency and Standardization: The COA provides a standardized framework for recording transactions. This ensures that everyone in the organization uses the same numbering system when making accounting entries, which is crucial for consistency and accuracy.
Budgeting and Analysis: The COA allows for easier budgeting and financial analysis. Management can assess performance against budgets or historical data by reviewing entries in specific accounts (e.g., sales).
Compliance and Regulation: A well-defined COA ensures that journal entries comply with regulatory requirements for financial reporting, especially in sectors like governments and nonprofits.
Error Detection: A well-organized COA can help you quickly identify accounting entry errors. If an entry doesn’t align with the account type (e.g., crediting an asset account when it should be debited), it’s easier to spot.
In light of the above, you may be wondering, “What steps should I follow to get this done?”
Thirteen Steps to Set Up Your COA
Here are steps you can use to set up your COA:
Understand the Business Structure: Before you start, understand the nature of the business or organization. Is it a manufacturing company, a service provider, a nonprofit, or a government entity? The type of organization will influence the accounts you need.
Identify Reporting Needs: Determine the financial statements and reports the organization will need. For example, review sample city financial statements to see what is required if your entity is a city government. This will help you structure the COA to align with the financial statements.
Determine the Basis of Accounting: Cash basis accounting, for example, differs from generally accepted accounting principles (GAAP). GAAP requires accrual accounts such as Accounts Receivable, and the cash basis of accounting does not.
Consult Regulatory Guidelines: For certain types of organizations, especially governments and nonprofits, regulatory guidelines might dictate the structure of the COA.
Choose a Numbering System: Decide your account numbering system. A common approach is to use a series of numbers, often in increments of 10 or 100, to allow for future additions.
Create Main Categories: List the main categories of accounts, such as Assets, Liabilities, Equity, Revenue, and Expenses.
Add Subcategories: Within each main category, add subcategories. For example, Assets contain Current Assets and Noncurrent Assets.
Assign Account Numbers: Assign a unique number to each account based on your numbering system.
Provide Descriptions: Briefly describe each account to clarify its purpose (e.g., operating cash). This is especially useful for anyone not involved in setting up the COA.
Implement in Accounting Software: Most accounting software allows you to customize your COA. Input the accounts, numbers, and descriptions into the software. Before creating your COA, ensure your accounting software allows your desired numbering system. For example, the software might limit the account number to ten digits.
Test and Revise: Test the COA by recording sample transactions after initial setup. Make any necessary adjustments.
Train the Team: Ensure that everyone using the COA understands how to use it correctly.
Review Periodically: Business needs change, and your COA should accommodate those changes. Review the COA periodically and make updates as necessary.
Additional Chart of Account Considerations
Here are some things you need to consider as you develop your chart of accounts:
Balance the number of accounts with your reporting needs. Create additional accounts only when necessary. For example, create salary sub-accounts for each department (e.g., operations salaries, logistics salaries, oversight salaries, management salaries) in a large organization, but one salary account might be sufficient in a small entity.
Some industries, such as healthcare, provide sample COAs. (You’ll find healthcare COA examples on the Internet. The same is true of other industries.) Moreover, some sectors have required COAs. For instance, local governments in Georgia must follow a state-mandated COA.
There are competing issues in developing account codes: Desire for short account numbers versus Desire for additional information. Short account numbers take less time to enter, but they may limit the entity’s informational abilities. The result: the company may need to export account numbers and balances to Excel and manually compute the required information. Many entities lengthen their account numbers to automatically generate information without additional steps (such as exporting to Excel). The 10-10 prefix for all cash accounts (see above) is an example.
As you develop the chart of accounts, share it with all stakeholders, those that this will affect (e.g., department heads in your organization). It’s best to get negative feedback as you develop the chart of accounts, not after it is live in your accounting system.
If you are creating a new account coding system, consider all the information you need (now and in the future) and design the codes accordingly. A common problem for all entities is they outgrow their account codes; when they do, the business may need to revamp the entire account coding—not a pleasant process.
Give Some Love to COA
As I close, let me encourage you to give your chart of account decisions plenty of thought. You’ll be glad you did. If you don’t give your chart of accounts the early love it deserves, you may regret it. Creating a new accounting systems six years out, for example, would be a major headache.
I wish you well as you create your chart of accounts.
Are you looking for online CPA resources? You’ve come to the right place.
There are plenty of online resources, including audit standards, compilation and review standards, illustrative reports, and fraud prevention information. The AICPA’s audit quality centers also offer resources. Some of them are free, while others require a fee.
Online CPA Resources
Here’s a list of online CPA resources that I commonly use (some AICPA documents require an AICPA membership):
Online access to the most current Yellow Book (free)
AICPA Quality Center Resources
While the following are not free, consider joining audit quality centers if you have a concentration in areas such as governments and benefit plans. Once you join a center, you’ll have online access to their information (e.g., newsletters and alerts). In today’s environment, these memberships are vital. I don’t know how anyone can keep up with all the changes in accounting and auditing standards without resources like these.
I have found the AICPA Governmental Audit Quality Center (GAQC) particularly helpful. They provide timely information alerts to keep you abreast of evolving changes such as those related to Yellow Book and Single Audits.
The Employee Benefit Audit Quality Center is also useful. These audit quality centers provide practice aids and CPE classes relevant to governments and benefit plans.
Another great resource (though not free) is the Center for Plain English Accounting (CPEA). The CPEA provides written responses to your technical questions; the AICPA Technical Hotline listed above is free but they don’t provide written responses, only verbal. The CPEA also provides timely articles about accounting and auditing changes, some of the best I have seen. Their quarterly accounting and auditing CPE update is also quite useful.
Your Online Resources
What online resources do you use as a CPA? Leave a comment.
Seven deadly audit sins can destroy you. These audit mistakes kill your profits and effectiveness.
You just completed an audit project, and you have another significant write-down. Last year’s audit hours came in well over budget, and—at the time—you thought, This will not happen again. But here it is, and it’s driving you insane.
Insanity: doing the same thing year after year but expecting different results.
Are you ready for better results?
Audit Mistakes
Here are seven deadly (audit) sins that cause our engagements to fail.
1. We don’t plan
Rolling over the prior year file does not qualify as planning. Using canned audit programs is not planning.
What do I mean? We don’t know what has changed. Why? Because we have not performed real risk assessment such as current year walkthroughs. We have not (really) thought about current year risks of material misstatement.
Each year, audits have new wrinkles.
Are there any fraud rumors? Has the CFO left without explanation? Have cash balances decreased while profits increased? Does the client have a new accounting program or new staff? Can you still obtain the reports you need? Are there any new audit or accounting standards?
Anticipate issues and be ready for them with a real audit plan.
2. SALY lives
Elvis may not be in the house, but SALY is.
Performing the same audit steps is wasteful. Just because we needed the procedure ten years ago does not mean we need it today. Kill SALY. (No, I don’t mean your staff member; SALY stands for Same As Last Year).
I find that audit files are like closets. We allow old thoughts (clothes) to accumulate without purging. It’s high time for a Goodwill visit. After all, this audit mistake has been with you too long. So ask yourself Are all of the prior audit procedures relevant to this year’s engagement?
Will better planning require us to think more in the early phases of the engagement? Yes. Is this hard work? Yes. Will it result in less overall effort? Yes.
Sometimes the Saly issue occurs because of weak staff.
3. We use weak staff
Staffing your engagement is the primary key to project success. Excellent staff makes a challenging engagement pan out well. Poor staff causes your engagement time to balloon–lots of motion, but few results. Maybe you have smart people, but they need training. Consider AuditSense.
Another audit mistake is weak partner involvement.
4. We don’t monitor
Partners must keep an eye on the project. And I don’t mean just asking, “How’s it going?” Look in the audit file. See what is going on. In-charges will usually tell you what you want to hear. They hope to save the job on the final play, but a Hail Mary often results in a lost game.
As Ronald Reagan once said: Trust but verify.
Engagement partners need to lead and monitor. They also need to provide the right technology tools.
5. We use outdated technology
Are you paperless? Using portable scanners and monitors? Are your auditors well versed in Adobe Acrobat? Are you electronically linking your trial balances to Excel documents? Do you use project management software (e.g., Basecamp)? How about conferencing software (e.g., Zoom)? Do you have secure remote access to audit files? Do you store files securely in the cloud (e.g., Box)? Are you using data mining software such as Idea? Do you send electronic confirmations?
Do your staff members fear you so much that they don’t give you the bad news?
6. Staff (intentionally) hide problems
Remind your staff that bad news communicated early is always welcome.
Early communication of bad news should be encouraged and rewarded (yes, rewarded, assuming the employee did not cause the problem).
Sometimes leaders unwittingly cause their staff to hide problems. In the past, we may have gone ballistic on them–now they fear the same.
And here’s one last audit mistake: no post-engagement review.
7. No post-engagement review
Once our audit is complete, we should honestly assess the project. Then make a list of inefficiencies or failures for future reference.
If you are a partner, consider a fifteen-minute meeting with staff to go over the list.