Introduction to Internal Controls

5. Controls over specific transaction cycles

In broad terms, a transaction cycle is a group of processes that relate to the same type of business activity or asset. Here’s a quick example - for the inventory cycle, a business buys, stores, pays for, and sells inventory.  It’s important to understand here that most if not all cycles interact with one or more additional cycles. In our example, selling inventory might involve the cash cycle and the accounts receivable cycle.

You should also be aware that individual companies will define a cycle differently. One very large company might have a cash cycle, an inventory cycle, a receivable cycle, and a payables cycle, while a small business may just have one cycle encompassing all those activities and assets. Cycle organization, however, is not as important as the control activities that are integrated into each cycle.

For most of this section, we’ll discuss several common transaction cycles and basic controls that relate to each cycle, but we’ll first discuss an important general control concept called segregation of duties, which should be established as a part of all major transaction cycles. Keep in mind that the list of cycles and specific controls is by no means all-inclusive, and the internal control environment generally needs to be tailored for each specific business.

5.1. Segregation of duties

Let’s walk through an overly-simplified example that shows why segregation of duties is important. Assume that you are the server at a cash-only mom-and-pop restaurant in a small town. The owners ask you to manage the whole store while they are on a week-long vacation, which means that you will seat customers, wait on the tables, collect the money, and clean up afterwards. At the end of the week, you are to turn in all table tickets and cash receipts you collect. Other than shining integrity, what would stop you from holding back some of the tickets and collected cash from the owners?

Now consider the same situation, except now you’re working with a separate cashier who collects money and copies of table tickets while you keep original tickets. At the end of the week, if the money from the cashier doesn’t match your original tickets, there is a chance that one of you is stealing from the owners. In this second version of events, the employees would have to work together to conceal the theft (recall from earlier that internal controls can’t guarantee that the owners won’t be the victim of fraud for this very reason).

Trusting assets to low-level employees is a standard business risk in today’s economic environment - it’s just not practical for corporate officers and upper level managers to have direct responsibility of every single asset every single day. Trust alone might sound nice in theory (“we don’t need to monitor his activities, he’s been with us for twenty years!”), but a trusted employee-turned-fraudster happens all too often.  Segregation of duties may help to prevent this from happening. Keep in mind, though, that segregation of duties is not utilized solely to combat fraud - the more people involved with a transaction, the less likely an honest mistake will be made.

In general, the same individual should not have two or more of the following responsibilities:

  • Handling physical assets (controlling a cash drawer, working with inventory in a warehouse)
  • Reviewing and approving transactions (signing off on a purchase order or approving the write-off of a loan)
  • Recording transactions in financial records

It is important to note that an individual doesn’t need to handle an asset in order to steal it. Consider this scenario: the same employee can approve purchase orders for services to be delivered to a company and can approve (review) bills from vendors and record such bills for payment.  Instead of assigning a purchase order to a legitimate vendor, though, the employee could set up a fake vendor under her name, approve a purchase order to the vendor, issue a bill to the company from the fake vendor’s address, and when the bill is received, approve and record it for payment.  When the company pays the bill thinking it is a payment to a legitimate vendor, the employee deposits the check into her fake vendor bank account and effectively pockets the money.  Nowhere in this process does the employee have access to the company’s cash, but the employee is still able to steal it because the employee can review and approve transactions as well as record them in financial records without a second set of eyes checking everything in this process.

Not a member?
See why people join our
online accounting course: