Read Prentice Hall's one-day MBA in finance & accounting Online
Authors: Michael Muckian,Prentice-Hall,inc
Tags: #Finance, #Reference, #General, #Careers, #Accounting, #Corporate Finance, #Education, #Business & Economics
In summary, internal controls have two primary purposes: (1) to ensure the accuracy, completeness, and timeliness of information collected, processed, and reported by the accounting system, and (2) to deter and detect dishonest, illegal, and other behaviors counter to the policies of the business by its employees, managers, customers, and others.
This is a tall order, but any business manager you ask about this will attest to the need for effective internal accounting controls.
The ideal internal accounting control is one that ensures the integrity of the information being recorded and processed, one that deters or at least quickly detects any fraud and dishonesty, and one that is cost-effective. Some controls are simply too costly or are too intrusive on personal privacy. Body searches of employees leaving work might qualify, though dia-mond and gold mines take these precautions, I understand, and a recent article in the
New York Times
indicated that some of General Electric’s employees must go through a search on exiting from work.
248
M A N A G E M E N T C O N T R O L
INDEPENDENT AUDITS AND INTERNAL AUDITING
The national organization of CPAs, the American Institute of Certified Public Accountants (AICPA), is a good source for useful publications that deal with internal accounting controls.*
These are superb summaries and reflect the long experience of CPAs in auditing a wide range of businesses. The AICPA’s guidelines are an excellent checklist for the types of internal accounting controls that a business should establish and enforce with due diligence.
Speaking of CPAs, financial statement audits by independent public accountants can be viewed as one type of internal control. Based on its annual audit, the CPA firm expresses an opinion on the external financial statements issued by a business. Business managers should understand the limits of audits by CPAs regarding the discovery of errors and fraud. Auditors are responsible for discovering material errors and fraud that would cause the financial statements to be misleading. However, it is not cost-effective to have the outside auditor firm do a thoroughgoing examination that would catch all errors and fraud. It would take too long and cost too much. The first line of defense is the business’s internal accounting controls. Having an audit by an independent CPA firm provides an independent appraisal and check on its internal controls, but the business itself has the primary responsibility to design and establish effective internal accounting controls.
Many larger business organizations establish an internal auditing function in the organization structure of the business.
Although the internal auditors are employees of the organization, they are given autonomy to act independently. Internal auditors report to the highest levels of management, often directly to the board of directors of the corporation. Internal auditors monitor and test the organization’s internal accounting
*A good place to start is
Statement on Auditing Standards No. 55,
“Consideration of the Internal Control Structure in a Financial Statement Audit”
(American Institute of Certified Public Accountants, Inc., New York, originally issued in 1988 and later amended). Also, the AICPA has put out an
Audit Guide
on this topic, and the Committee of Sponsoring Organizations of the Treadway Commission issued a series of influential publications dealing with internal control in 1992.
249
E N D T O P I C S
controls regularly. They also carry out special investigations, either on their own or at the request of top management and the board of directors. Different departments and areas of operation are audited on a surprise basis or on a regular rotation basis.
FRAUD
DANGER!
Business fraud is like adultery. It shouldn’t happen, but those who do it make every attempt to hide it, although it often comes out eventually. The same holds true for business fraud. Businesses handle a lot of money, have many valuable assets, and give managers and other employees a great deal of authority. So it’s not surprising that a business is vulnerable to fraud and other dishonest schemes. Fraud, in contrast to theft, involves an element of deception. The guilty person is in a position of trust and authority. The perpetrator of fraud owes a duty to his or her employer, but deliberately violates this duty and covers up the scheme.
Many books have been written on business fraud. Many seminars and training programs are offered that deal with fraud in the business world. Indeed, developments are under way to make the control and detection of business fraud a professional specialty. Keep in mind that audits and internal accounting controls are not foolproof. A disturbing amount of fraud still slips through these preventive measures. High-level management fraud is particularly difficult to prevent and detect. By their very nature, high-level managers have a great deal of authority and discretion. Their positions of trust and power give high-level managers an unparalleled opportunity to commit fraud and the means to conceal it.
A few years ago several investment banks and other financial institutions revealed huge losses caused by employees making unauthorized trades in financial derivatives. In virtually all of these cases there was a breakdown in important internal controls. Many of these cases violated one of the most important of all internal controls—requiring two or more persons to authorize significant expenditures and major risk exposures.
Many of these cases also revealed another key internal control that was violated:
separation of duties.
The authority for making a decision and carrying it out should always be separated
250
M A N A G E M E N T C O N T R O L
from its accounting and record keeping functions. One person should never do both.
One prime example of a high-risk fraud area in business comes to mind. The purchasing agents of a business are vulnerable to accepting bribes, kickbacks, under-the-table payments, and other favors from vendors. A purchasing agent I know very well made me aware of how serious a problem this is. He didn’t say that all purchasing agents are corrupt, but he certainly suggested that the temptation is there and that many succumb.
Keeping a close watch on cash flows is a good way to catch signs of possible fraud, which is evidently overlooked by most managers. Most fraud schemes and scams go after the money.
As Willie Sutton said when asked why he robbed banks,
“Because that’s where the money is.” To get the money and conceal the fraud as long as possible, a perpetrator must manipulate and misstate an asset or a liability—most often accounts receivable, inventories, or sometimes accounts payable. (Other assets and liabilities may also be involved.) In particular, managers should keep alert to increases in accounts receivable and inventories. Not only do these increases cause negative cash flow effects, such increases could signal a suspicious change that is not consistent with changes in sales activity and other facts and information known to the manager.
It may be argued that businesses should aggressively prose-cute offenders. The record shows, however, that most businesses are reluctant to do this, fearing the adverse publicity surrounding legal proceedings. Many businesses adopt the pol-icy that fraud is just one of the many costs of doing business.
They don’t encourage it, of course, and they do everything practical to prevent it. But in the final analysis, a majority of businesses appear to tolerate some amount of normal loss from fraud.
As an example, suppose an employee or midlevel manager steals inventory and sells the products for cash, which goes into his or her pocket. A good management control reporting system keeps a very close watch on inventory levels and cost-of-goods-sold expense ratios. If a material amount of inventory is stolen, the inventory shrinkage and/or profit margin figures should sound alarms. The sophisticated thief realizes
251
E N D T O P I C S
this and will cover up the missing inventory. Indeed, this is exactly what is done in many fraud cases.
In one example, a company’s internal controls were not effective in preventing the coverup; the accounting system reported inventory that in fact was not there. Thus, inventory showed a larger increase (or a smaller decrease) than it should have. You might think that managers would be alert to any inventory increase. But in the majority of fraud cases, managers have not pursued the reasons for the inventory increase. If they had, they might have discovered the inventory theft.
In similar fashion, fraud may involve taking money out of collections on accounts receivable, which is covered up by overstating the accounts receivable account. Other fraud schemes may use accounts payable to conceal the fraud.
Managers should keep in mind that the reported profit performance of the business will be overstated as the result of undiscovered fraud. This is terribly embarrassing when it is discovered and prior financial statements have to be revised and restated. But fraud can be disastrous. Furthermore, it may lead to firing the executive who failed to discover the theft or fraud; one responsibility of managers is to prevent fraud by subordinates and to devise ways and means of ensuring that no fraud is going on.
MANAGEMENT CONTROL REPORTING GUIDELINES
The design of effective and efficient management control reports is a real challenge. This section presents guidelines and suggestions for management control reporting. Unfortunately, there is no one best format and system for control reporting. There is no one-size-fits-all approach for communicating the vital control information needed by managers, no more than there are simple answers in most areas of business decision making. One job of managers is to know what they need to know, and this includes the information they should get in their control reports.
Control Reports and Making Decisions
The first rule for designing management control reports is that they should be based on the decision-making analysis
252
M A N A G E M E N T C O N T R O L
methods and models used by managers. This may sound straightforward, but it’s not nearly as easy as it sounds. This first rule for control reports is implicit in the concept of feedback information discussed at the beginning of the chapter.
One problem is that control reports include a great deal of detail, whereas the profit and cash flow models that are best for decision-making analysis are condensed and concise.
Nevertheless, control reports should resonate as much as possible with the logic and format of the models used by managers in their decision-making analysis. For example, the reports each period on the actual results of a capital investment decision should be structured the same as the manager’s capital investment analysis. If the manager uses the layout shown in Figures 14.2 and 14.3, for instance, then the control report should be in the same format and include comparison of actual returns with the forecast returns from the investment.
Need for Comparative Reports
More than anything else, management control is directed toward achieving profit goals and meeting the other financial objectives of the business. Goals and objectives are not established in a vacuum. Prior-period performance is one reference for comparison, of course. Ideally, however, the business should adopt goals and objectives for the period that are put into a framework of clear-cut benchmarks and standards against which actual performance is compared. Budgeting, discussed later in the chapter, is one way of doing this.
In practice, many companies simply compare actual performance for the current period against the previous period.
This is certainly better than no comparison at all, and it does focus attention on trends, especially if several past periods are used for comparison and not just the most recent period.
However, this approach may sidetrack one of management’s main responsibilities, which is to look ahead and forecast changes in the economic environment that will affect the business.
Changes from previous period may have been predictable and should have been built into the plan for the current period. The changes between the current period and the previous period don’t really present any new information relative
253
E N D T O P I C S
to what should have been predicted. The manager should get into a forward-planning mode. Based on forecasts of broad average changes for the coming period, profit and cash flows budgets are developed, which serve as the foundation for planning the capital needs of the business during the coming period. One danger of using the previous period for compari-
son is that the manager gets into a rear-view style of manage-
ment—looking behind but not ahead.
Management by Exception
One key concept of management control reporting is referred to as
management by exception.
Managers have limited time to spend on control reports and therefore they focus mainly on deviations and variances from the plan (or budget). Departures and detours from the plan are called
exceptions.
The premise is that most things should be going according to plan but some things will not. Managers need to pay the most attention to the things going wrong and the things that are off course.
Frequency of Control Reports
A tough question to answer is how frequently to prepare con-
trol reports for managers. They cannot wait until the end of TEAMFLY
the year for control reports, of course, although a broad-based and overall year-end review is a good idea to serve as the platform for developing next year’s plan. Daily or weekly con-
trol reports are not practical for most businesses, although some companies, such as airlines and banks, monitor sales volume and other vital operating statistics on a day-to-day basis.
Monthly or quarterly management control reports are the most common. Each business develops its own practical solu-
tion to the frequency question; there’s no single general answer that fits all companies. The main thing is to strike a balance between preparing control reports too frequently ver-