I want to first start off by saying thank you for the opportunity to handle such an important and sensitive matter such as the internal control for the LJB Company. First and foremost I want you to be aware of the requirements of your company if you do decide to go public. The Sarbanes-Oxley Act of 2002 (SOX) which was passed by congress requires all publicly traded U.S corporations to maintain an adequate system of internal control. Corporate executives and boards of directors like yourself must ensure that these controls are reliable and effective. In addition, independent outside auditors must attest to the adequacy of the internal control system.
Companies that fail to comply are subject to fines, and company officers can be imprisoned. LJB Company is currently doing some things well that I suggest they continue. The use of pre-numbered invoices allows for missing or undocumented invoices to be caught quickly. This practice is considered a documentation procedure under internal controls. Having two managers approve new hires helps ensure a good fit. It’s good that the accountant completes bank reconciliation. While using a bank is a form of control for cash, the reconciliation enables LJB to make sure there are no errors between what the bank and what they have on the books.
There are a number of practices by LJB that don’t deter fraud and would need to be changed before considering going public. Segregation of duties: The duties for handling assets need to be separated amongst multiple employees. Employees that handle cash should not be involved in the bank reconciliation or invoices. Employees responsible for purchasing should not have any payment or reconciliation duties. By segregating duties, there is more than one person involved in the sales and purchasing cycle so that one person cannot be behind a fake transaction or remove cash or purchased assets without it being noticed by another. Access to assets: All employees should not have access to petty cash. The cash should be locked and those with a key should ensure proper documentation for cash distributed to be sure it is authorized.
The person responsible for reconciling the petty cash should do so randomly to deter its abuse. As far the indelible ink machine I see no problem printing your own checks as long as you use pre-numbered check stock paper to write the checks. Otherwise you will not know that you have accounted for every check written. Also, this is an area of responsibility that should be segregated. The person responsible for printing the checks should not have the authority to sign them. This will help insure they are not writing checks to themselves. LJB should consider purchasing the indelible ink printer once they have the manpower to have the duties segregated. By using indelible ink, the checks printed will be harder to change once printed, which is a good physical control of cash.
Paycheck Lock-Up: Although the accountant is locking the employee’s paychecks over the weekend, he should actually be locking them at all times. Anytime the accountant steps away from their desk and these checks are not locked, sensitive employee information is vulnerable. Background checks: I recommend that LJB implement the Human Resource control of conducting background checks of all employees before officially hiring.
This way they will discover if the potential employee has a past that could negatively impact the company (fraud, theft, other criminal activity) Passwords: Passwords are a key control preventing employees from accessing data outside of their duties and changing transaction data from initial amounts to cover up errors, fraud or theft. Everyone should have an individual password and not reveal it to another. Changing passwords periodically is a best practice. I hope that LJB finds this report helpful and that it prepares them for potentially going public.