Internal controls...
1. General Safeguards
a. The enterprise maintains an organizational chart of personnel and a chart of accounts.
b. The enterprise has adopted and documented its ethics and policies, and the responsibilities and authority of each significant participant or group of participants in the accounting and internal control system.
c. Procedures have been adopted and documented safeguarding access to and storage of the accounting records, including computerized records.
d. The enterprise has adopted procedures for testing and investigating the integrity and reliability of its accounting and internal control systems (including the use of individuals outside the enterprise, such as attorneys, when necessary for independence or confidentiality purposes with respect to discovery by outside third-party persons, entities, or agencies, or people inside the enterprise).
e. The enterprise requires preventative pretransactional due diligence in all appropriate situations to help avoid later disputes or unexpectancies.
f. Transactions between the enterprise and related parties (e.g., management, owners, the immediate families of management and owners, and other persons or entities that can significantly influence the management or policies of the enterprise) receive appropriate authorization and are conducted at arm's length similar to transactions between the enterprise and unrelated parties.
g. Employees who handle cash, checks, securities, and other valuables are bonded.
h. Employee functions and duties are regularly rotated; vacations are enforced.
i. Budgets are used and at least significant deviations from those budgets are investigated.
j. Special accounting journal entries require approval or at least are routinely reviewed by independent personnel.
k. To the extent possible, management has knowledge of the employees who participate in the various accounting functions and their relationships to other employees in those functions.
l. When a corporation owns or controls 20 percent or more of another corporation, including a foreign corporation, and also perhaps in some circumstances when the corporation owns or controls less than 20 percent of another corporation, the owning or controlling corporation investigates the internal control of the owned or controlled corporation to ensure that the internal control satisfies the provisions of the Foreign Corrupt Practices Act.
m. The enterprise employs an in-house public relations person who is the only designate responsible for public disclosures, except in special or limited circumstances. Further, each time the enterprise makes a statement of opinion interpreting or estimating its existing or expected future financial situation, that statement first must be evaluated and approved by designated, competent, and knowledgeable personnel or professional advisors.
n. Accounting estimates, contingencies, reserves, allowances, expense deferrals and revenue accruals in unusual situations (e.g., revenue accruals when there is a right of return or it is not clear the earnings process is complete) are evaluated and approved by designated, competent, and knowledgeable personnel.
2. Cash Receipts And Disbursements Safeguards
a. Personnel who open the mail place restrictive endorsements on checks and make a list of cash, checks, and other payments received.
b. The list referred to in Item 2a is verified against daily deposit slips and the cash receipts journal.
c. Prenumbered receipts or other transactional documentation records are prepared for cash sales, and cash sales are reconciled daily with cash collections and receipts records.
d. Personnel independent of the sales, accounts receivable, and cash functions review customer discounts and allowances.
e. Expense and other payments (other than payments from petty cash) are made by prenumbered check.
f. Checks are signed by an appropriately authorized person who is independent of the employee(s) who prepares the checks.
g. Payments are made only if a check or a request for payment from petty cash is accompanied by supporting documentation and the documentation then is marked as paid.
h. Petty cash and check disbursements above specified amounts require approval.
i. Payments from petty cash, as all other payments, are, in some manner, recorded on prenumbered slips.
j. Petty cash fund balances are small, requiring frequent reimbursement.
k. Access to and authority over company credit card use is strictly controlled. Credit card bills are routinely reconciled with supporting vouchers and bills.
3. Receivables: Notes And Accounts Safeguards
a. Notes require proper authorization.
b. The notes custodian is independent of the cashier and other accounts receivable personnel.
c. An aging of accounts is maintained and reviewed by an employee who is independent of credit and accounts receivable personnel.
d. Write-offs and prenumbered credit memoranda require approval by a designated employee who is independent of the credit manager and accounts receivable personnel.
e. Employee advances require authorization.
4. Inventory Safeguards
a. Inventory access is limited to authorized personnel and, when necessary, is controlled by a documented log.
b. Inventory receiving, issuance, and shipping reports are maintained.
c. Inventory records are maintained by personnel who do not have access to the inventory.
d. Physical inventories with the use of prenumbered tags are taken by personnel who are independent of inventory personnel.
5. Securities/Investments Safeguards
a. Securities are stored in a vault that requires at least two authorized persons for access.
b. A log is maintained of all persons visiting the vault.
c. A log of securities placed in and taken out of the vault is maintained by personnel who are independent of personnel who have access to the vault.
d. Prenumbered vault deposit and withdrawal vouchers are required.
e. Physical securities inventories are taken periodically by personnel who do not have access to the vault or the vault records.
f. The securities custodian is independent of the securities records, general ledger, and cash receipts and disbursements functions.
6. Property, Plant, And Equipment Safeguards
a. Purchases, retirements, and dispositions of property or equipment require authorization, and a work order or voucher system is maintained for such.
b. A record is kept of assets assigned for use by employees, and that record is periodically verified by physical confirmation.
c. Property and equipment inventories are taken periodically by employees who do not have access to inventory records.
7. Payables: Notes And Accounts Safeguards
a. Significant borrowing is approved by management and requires at least two signatures.
b. An employee who does not have authority to sign checks or notes keeps the payables register.
c. Paid notes, interest coupons, bonds, and other documents indicating a liability are marked as canceled or paid.
d. Account payable adjustments or corrections require approval.
8. Capital Securities Safeguards
a. A registrar and a transfer agent, both of whom are independent of the enterprise, are employed to control capital stock custody, transfers, and dividend payments, or those duties are assigned to a designated officer.
b. Surrendered or retired certificates are canceled.
c. Corporate stamps and seals are controlled by a designated officer.
9. Sales, Shipping, And Receiving Safeguards
a. Sales orders, sales invoices, and shipping memoranda are prenumbered.
b. All sales orders, or those above a specified amount, are approved by designated personnel.
c. The receiving department prepares prenumbered receiving reports.
d. Prenumbered credit memoranda are prepared for returns and require appropriate approval.
e. Sales to employees are handled in the same manner as sales to customers (e.g., they receive no special treatment, unless appropriately authorized).
10. Purchases Safeguards
a. Purchase orders and invoices are prenumbered.
b. Purchase orders and invoices, or those above a specified amount, require approval.
11. Payroll Safeguards
a. Payroll is periodically verified with personnel records by employees who are independent of payroll.
b. Payroll is signed by the payroll employee preparing it and authorized or approved by a designated officer, or it is prepared by the payroll department and signed by a designated officer.
c. Employees are paid by check.
FOREIGN CORRUPT PRACTICES ACT
The title of the Foreign Corrupt Practices Act (FCPA) is misleading. This federal act not only contains provisions prohibiting foreign bribery but also generally requires publicly held domestic corporations to maintain appropriate accounting records and internal control safeguards. Penalties for violation of the FCPA can be extremely onerous.
The bribery provision of the FCPA generally make it unlawful for any person, business, or other entity to pay (including by money, gift, transfer of an item of value, or otherwise) a foreign official for the purpose of obtaining business if the person making or associated with making the payment is aware or substantially certain that it is an unlawful payment; for example, a bribe or what ultimately will become an unlawful payment at a later time (i.e., if the payment initially is legal but subsequently will be used for an unlawful purpose). A payment is not considered a bribe if it is lawfully made under the laws of the foreign country or if it is made to secure the performance of a routine governmental action such as the processing of documents, also referred to as "grease" payments.
It is outside the scope of this guide to discuss in detail the intricacies of the FCPA bribery provisions. However, the bribery provisions, decisions thereunder, and related "red flag" areas must be considered and understood to design and implement systems that comply with the accounting and internal control provisions of the FCPA. Some red flag areas that may be considered are the manner (e.g., cash, check, or property and named payee), place (e.g., to the country in question or to an unrelated country), and amount (e.g., within the normal range for similar transactions) of payment; past experiences with and reputations of the country and agent in question; and the type of product involved. Accounting records and internal control systems, including the use of protective contractual terms and pretransactional due diligence, should be designed to prevent illegal payments, or at least to establish management's reasonable lack of substantial knowledge of illegal payments, primarily by the implementation of prepayment safeguards but also by postpayment detection methods.
The accounting records and internal control provisions of the FCPA generally require that a business:
1. Keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect the business's transactions.
2. Devise and maintain a system of internal controls sufficient to provide reasonable assurances that:
a. Transactions are authorized by management.
b. Transactions are recorded to permit preparation of financial statements in conformity with Generally Accepted Accounting Principles and other applicable standards, and to maintain accountability over assets.
c. Access to assets is permitted only with management authorization.
d. Recorded accountability for assets periodically is reconciled with existing assets.
Similarly, the FCPA also requires a corporation holding voting power over another corporation, including a foreign corporation, to comply with the provisions of the FCPA with respect to that other corporation. The Securities and Exchange Commission has indicated that when a corporation controls more than 50 percent of the voting securities of a subsidiary, compliance with the FCPA is expected with respect to the subsidiary. Similar compliance is expected when a corporation controls 20 to 50 percent of a subsidiary, subject to contrary proof by the corporation that its ownership does not amount to control. When a corporation owns less than 20 percent of a subsidiary, the burden is on the SEC to demonstrate the corporation's control, if any, over the subsidiary.
The accounting provisions of the FCPA primarily are intended to address three areas of concern: (1) situations where transactions are not recorded, (2) situations where transactions are falsely recorded (e.g., when an amount is recorded in an incorrect account), and (3) situations where transactions are recorded correctly but are also misrepresented in substance (e.g., when a payment is correctly recorded as being made to the appropriate person but with substantial certainty that person then will transfer the payment to another person for an unlawful purpose). The FCPA does not mandate a specific internal control system, standard, or form. The act requires reasonable detail and assurances. However, with respect to the accounting and internal control provisions, "materiality" is not a minimum threshold safe harbor, nor are lack of knowledge or substantial certainty. The SEC has stated that, although the act does not require the board of directors or most senior management to become involved in the "minutia" of recording and accounting, management and the board play important roles in monitoring and evaluating the adequacy of the business's records and controls. Management cannot make nominal gestures of compliance while delegating or abandoning its responsibilities to others.
Violation of the FCPA accounting provisions is generally punishable by civil liability and injunctive relief, but it may also be punishable by criminal liability if a person knowingly circumvents or fails to implement a system of internal accounting controls or knowingly falsifies any book, record, or account. The SEC has stated that upon the occurrence of a violation of the act, the SEC will evaluate the adequacy of the internal control system, the involvement of top management in the violation, and corrective actions taken once the violation is discovered.
Many FCPA cases involve internal control violations that are so egregious they are not worthy of discussion; however, the two case summaries that follow are useful illustrations because they involve fact situations that are not particularly unusual.
In one case, the chief executive officer was authorized by his employment contract to use for his personal benefit certain secretarial, other staff, and office facilities. The CEO controlled the granting and receipt of the benefits, and there was no independent review by the directors, the audit committee, or disinterested management. The corporate books and records also did not with reasonable detail reflect the nature, business purpose, or valuation of the transactions and benefits accruing to the CEO. The company stipulated to an order by the SEC that its books and internal controls were inadequate to identify benefits granted by and related-party transactions involving the CEO.
In another case, a corporate investment adviser and manager of an investment fund discovered, but not until preparation of the fund's monthly general ledger trial balance, that a clerk in the fund's shareholder accounting department had embezzled $1.55 million. The corporation failed to maintain adequate internal accounting controls in that wire transfer instructions were not routinely reviewed by supervisory personnel; blank wire transfer instruction sheets were not safeguarded after they were prepared and made available for delivery; and assigned duties were not properly segregated between employees in the fund's shareholder accounting department. The corporation consented to sanctions. |
