Bill Fitzwater Cooperative Chair
Oklahoma State University
Broadly defined, internal controls is a process employed by the board, manager and other personnel to prevent fraud, ensure reliable financial reporting and stay in compliance with laws and regulations. Everyone in the cooperative is responsible for the internal controls impacting their area. The CEO has the ultimate responsibility for implementing internal controls while the board has the responsibility to ensure that a system of internal controls is implemented and is effective.
Like many systems within a cooperative, the process of designing and implementing internal controls begins with an assessment of risks. In essence this is asking the questions “How could someone commit fraud or theft? How could someone misstate our financial performance? What could go wrong in our compliance with regulations? A system of internal controls is then designed to address those risks. Some of the common components or activities involving internal controls are: reconciliations, segregation of duties, authorizations for dispersing funds, approvals and authorizations for activities and regular board reviews of financial performance.
Internal controls are more difficult to implement in smaller entities. The smaller number of staff members makes segregation of duties more difficult. For example the same financial officer may be writing checks and reconciling the bank statements or the elevator superintendent may be authorizing bin entry and entering the bin. In these cases more oversight by the CEO and board may be warranted. For example, a board member could receive a duplicate copy of the bank statements or the CEO could periodically review bin entry and other compliance procedures. As cooperatives move to electronic transactions it is important that the checks and balances in the authorization process are not inadvertently eliminated.
Some “best management practices” for internal controls include:
- Board and management personally comply with all procedures and controls and thus set the tone at the top
- Established system of password controls, password management and other application controls in the information systems
- Periodic review of accounting system reports, inspection of bank statements and other reconciliations
- Frequent random spot measurement of inventories
- The Board of Directors reviews some aspect of internal controls at every board meeting.
Internal controls cannot prevent all instances of fraud, theft, or regulatory compliance failure. However, it is always better to work on the barn door before the horse escapes! If you would like a copy of my new publication on internal controls for cooperatives, drop me an email.