Upload
tranquynh
View
224
Download
0
Embed Size (px)
Citation preview
Produced by:
Copyright © Diversified Communications
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
www.app2p.com
Internal Control ChecklistInstructions: The Internal Control Checklist may be used to document a review of the existing procedures and activities that make up your internal control system, or serve as a guide in developing additional controls.
The Internal Control Checklist provides examples of procedures or tasks to consider as part of your accounts payable internal control system. The checklist is merely a guideline of some control activities. This checklist should be used in accordance with your company’s finance and accounting policies.
The types and implementation of internal controls in your company will depend upon the size of your organization, industry, and internal resources. The checklist is organized based on functional areas within a generic AP department.
Tailor the controls on this list to suit the particulars of your company. Each area also has blank input fields that allow you to add other controls unique to your organization.
Definitions
• Procedure/Activity Enter the procedure or task description.
• Responsibility Enter the name of the person or department responsible for the procedure or task.
• Review Date Enter the date the procedure or task was last reviewed.
• Other Comments Enter any other comments about the procedure or task; this could also include action items and any notes for the next review.
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Objectives: (1) Separation of Duties (2) Control date of receipt for payment processing benchmarking.
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Incoming mail is date-stamped
upon opening, documenting the
date received.
Vendor statements are routed
to the AP manager and another
designated manager who is not
involved in the daily AP operations
to review past due amounts.
INCOMING MAIL
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Objectives: (1) Separation of duties (2) Accuracy of data (3) Prevent irregularities by restricting access authorized personnel (4) Compliance with federal and state regulations
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
New vendors are set up from the New
Vendor Set-Up form and are pre-
approved by authorized personnel
documented on the form.
Vendor master file access is restricted to
authorized employees documented in the
company policy.
All new vendors are required to provide
signed certified Form W-9 or equivalent
document prior to set-up in the system.
All vendors are assigned a taxpayer
ID and flagged as to whether they are
subject to 1099 reporting.
All recurring payments have a signed
contract on file with a copy of the
payment schedule.
Certified taxpayer IDs are matched to the
IRS TIN Matching program.
Vendor payment limits are flagged in the
system for a maximum per-payment value.
Vendor address, phone number and
other contact information is periodically
checked by someone outside of the AP
function to verify vendor data accuracy
and validity.
All repeat payment vendors (e.g.
landlords, equipment lessors, etc.) are set
up in the vendor master file with a start
and end date, amount, payment interval
and account distribution.
NEW VENDOR SET-UP/MAINTENANCE
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Objectives: (1) Separation of duties (2) Accuracy of data (3) Prevent errors or irregularities (4) Detect unauthorized transactions (5) timely processing
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Cost centers are documented on invoices
to distribute charges to the appropriate
control account.
All invoices are approved before being
entered into the system.
The numerical accuracy of the invoice
is checked.
Invoices for the purchase of inventory
materials are matched to a purchase
order and receiving report.
Invoices for the purchase of services are
matched to a purchase order in accord
with the limits set by company policy.
Recurring vendor invoice payments (e.g.
rents, utilities, etc.) are reviewed and
approved prior to processing.
Invoice quantities, prices and terms are
compared to those on the purchase order.
Invoice quantities are compared to those
on the receiving report.
All invoices have a purchase order
reference number or other reference to
identify the employee who initiated the
transaction.
All invoices are received in a central
location before distributed to processors.
INVOICE PROCESSING
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
INVOICE PROCESSING - Continued
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Copies of the purchase orders and
receiving reports are received in a
central location and accounted for
numerically.
Progress payments with contractors are
approved and compared to the payment
schedule in the contract prior to entry
into the system.
The number of invoices and total
processed in a batch are compared to a
system edit report.
Unmatched purchase orders and
receiving reports are researched in a
timely fashion.
Accuracy of account distribution for transactions entered into the system include:
* Regular reviews of expense distribution
* Reconciliation of expense distribution per
the sub-ledger system versus the general
ledger account
A list of personnel authorized to approve
expenditures and their limits is provided
by the offices of the CEO & CFO.
Maintenance of the list of personnel
authorized to approve expenditures
is performed by the manager of the
accounting department.
All reimbursements for employee
travel and other business expenses are
within the dollar limit in accordance
with company policy and have requisite
approval.
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
INVOICE PROCESSING - Continued
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
A supervisor or manager reviews
vouchered invoices for approval,
completeness and accuracy.
For a system check of quality control,
selected invoice data is re-entered by a
quality-control employee who is not the
accounts payable data entry employee.
Invoices lacking approval are routed
back to the appropriate department and
correspondence is sent to the vendor.
Invoices are entered into the system
from original documents.
Vendor invoices subject to sales and use
tax are properly charged to the sales tax
control account.
The appropriate personnel are promptly
notified of differences between the
invoice and the purchase order.
Team members are assigned responsibility
to monitor and take all appropriate vendor
discounts.
Preparation of the payment disbursement
file is performed by separate personnel
from those who perform data entry and
vendor file maintenance/set-up.
Vendor credits listed on monthly
statements are reconciled to the vendor
account in the system.
The accounts payable invoice processors
have a complete and accurate listing of
repeat payment requests.
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
INVOICE PROCESSING - Continued
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Internal signature card is on file for all
employees who are authorized to approve
vendor invoices.
Spot check signature authorizations
on vendor invoices and compare to the
signature card on file.
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
DISBURSEMENT PROCESSING
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All disbursements processed are
attached to the original invoice support
for review.
All disbursements are reviewed by
a manager independent of accounts
payable. (e.g., controller, VP finance,
accounting manager, etc.)
For checks signed via a check-signing
machine, a numerical check log is
maintained, reviewed and initialed by an
independent manager.
The check log compares the number of
checks processed against the number
of signature impressions per the signing
machine.
The check-signing machine is restricted
to authorized personnel.
The check-signing machine requires
two independent persons to activate the
machine with password codes.
There is a stated dollar limit on checks that
requires a second signature if exceeded.
Check signature cards at the bank are
updated as necessary when personnel
leave the company or are no longer
authorized to sign.
Signature plates are kept in the custody
of designated personnel and restricted so
that use of the plates requires check-out
and in.
All ACH electronic payment files are
reviewed and approved by designated
personnel prior to release.
Control Objectives: (1) Separation of duties (2) Accuracy of data (3) Prevent and detect unauthorized use of assets (4) Safeguard company assets (cash via check stock..)
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All manual checks are accompanied by
invoices and supporting documentation
prior to signing.
All manual checks are documented
in the check log.
All invoices paid are documented as
cancelled and paid.
Check remittance advice stubs are
attached to paid invoices.
Checks prepared as payable to "cash" or
"bearer" are prohibited.
The control total of the value disbursed is
compared to the check register amount.
All voided checks are defaced with VOID
on the check and the signature portion
also defaced or removed.
All voided checks accounted for
numerically and also provided to the
check signer at the time of review and
approval.
Check Stock Security features:
* All checks have a stale date on the
face of the check near the amount.
DISBURSEMENT PROCESSING - Continued
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
* All checks have micro printing in either
the border of the check or the signature
line.
* All checks have a VOID pantograph that
appears when a check is copied.
* All checks have a paper stock to allow
for "laser lock" printing.
* The check stock is printed with a
prismatic color scheme that changes
color hues across the face of the check.
* If checks are pre-numbered, there is a
log identifying the check sequence on
hand versus issued for printing.
* If the check number and bank MICR
information (i.e., check number, routing
number, account number) is printed
from a laser printer, the laser cartridge
is secured with restricted access.
* Blank check stock is secured in a
restricted area and only accessible by
authorized personnel.
All signed and reviewed checks are
routed to the mail room personnel
who are independent of the persons
requesting, preparing and recording the
transaction.
DISBURSEMENT PROCESSING - Continued
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
OUTGOING MAIL
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All processed checks are inserted into
envelopes by personnel other than the
persons who requested, processed and
prepared the transaction.
All checks ready to be mailed are secured
in envelopes and distributed to a central
location in the mail room.
Checks not placed in the mail on the
same day they are received from
accounts payable are returned to a
secured location until mailed.
Vendor checks are never distributed
to requestors; all vendor checks are
distributed via the mail.
Control Objectives: (1) Separation of duties (2) Prevent unauthorized use of payments (3) Safeguard company assets.
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
VENDOR DEBIT BALANCE & CUSTOMER REFUNDS
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All check requests for customer refunds
have supporting documentation approved
by the manager.
Each customer refund request has a
reason for the payment.
The account distribution is documented
for each customer refund request.
Authorized personnel who review
customer refund requests have restricted
inquiry access to the customer's account
to verify accuracy and validity.
All vendor debit balances are reconciled
to vendor account statements.
Vendor correspondence is kept on file for
validity, status and collection of vendor
debit amount.
Write-offs of debit balances are approved
and performed independently from the
person requesting, processing or paying
the vendor.
All vendor debit balances have
documentation supporting the reason for
the amount.
Control Objectives: (1) Prevent and detect errors and irregularities in vendor accounts (2) Accuracy (3) Detect unauthorized transactions
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Access to the AP system is password
restricted for all personnel.
Passwords are required to be changed
every 90 days.
Passwords require a combination of alpha
and numeric characters.
Access to the AP system is restricted to
authorized terminals.
Access within the AP system modules is
restricted by user ID.
A list of users of the AP system is
provided to managers of each group and
updated based on personnel turnover.
An organizational chart is maintained and
updated for personnel turnover.
System controls are used to restrict
changes to master data files that require
approval.
System user controls reject unauthorized
transactions.
A user control report is generated
periodically to review rejected
transactions.
SYSTEM SECURITYControl Objectives: (1) Separation of duties (2) Prevent unauthorized use of payments (3) Safeguard company assets.
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Rejected transactions are held in a
suspense file for review.
Edit-control reports are regularly
generated and reconciled for
processed transactions, to review the
reasonableness of outputs and balances.
The IT department receives audit alerts
for unauthorized access.
There are system controls on data entry, including:
* A check for duplicate
invoice reference numbers
* A check for invalid vendor IDs
* Field edit checks for improper
entry of characters
* Edits for improper account distribution
* Warning edits for amounts
exceeding limits
* Warning alerts and reports for
security override
* Two independent persons with a pass
code combination are required to allow
system overrides
SYSTEM SECURITY - Continued
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Each terminal has "time out" security so
that computers left idle for a period of
time sign off the user.
User access is prohibited to the system
source code.
There is a regular back-up of all AP
system data for record retention.
Archived system data is stored off-site in
a secured location with restricted access
to authorized personnel.
Insurance coverage includes equipment,
software and data.
The insurance coverage is active.
There is a written disaster recovery plan
document that outlines the retrieval of
system data and records.
The disaster recovery plan is tested on an
annual basis at least.
The system archives real-time
transactions to protect against loss of
important files and programs.
All security password codes are unique
and not shared among employees.
SYSTEM SECURITY - Continued
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Security codes to the AP system are
deactivated for all personnel who have
terminated employment.
Access codes and keys are changed
when personnel terminate employment,
as applicable.
SYSTEM SECURITY - Continued
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Responsibilities for the requisition,
purchase and receiving are separated
from invoice processing and
disbursement.
Responsibilities are separated for the set-
up of new vendors, invoice processing
and disbursement preparation.
Responsibilities are separated for the
reconciliation of accounts payable
balances from invoice processing, vendor
set-up and disbursement preparation.
Responsibilities for disbursement
preparation are separated from the
approval function.
Responsibilities for the processing
functions in accounts payable are
separate from those in the general ledger.
Responsibilities for the disbursement
preparation in accounts payable are
separate from responsibilities for the
general ledger.
Bank reconciliations are performed by
persons independent of the accounts
payable function.
The IT department is independent
from the accounts payable and general
accounting functions.
All account reconciliations are reviewed
by persons independent of person doing
the actual reconciling function.
An organizational chart is maintained
and updated for management by function
within the AP department.
SEPARATION OF DUTIES Control Objectives: Prevent collusion and override of controls
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
The system administrator that grants
access to the AP system is independent
of the AP function.
Sales and use tax returns and
escheatment property tax returns are
performed by persons independent of the
AP function.
SEPARATION OF DUTIES - Continued
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All applicable vendors are flagged in the
New Vendor Set-Up for 1099 reporting.
Correspondence is circulated on a regular
basis to vendors who have not certified
their taxpayer ID.
Vendor payments are only processed
after receiving Form W-9 or a substitute
form certifying the taxpayers ID and tax
withholding status.
Vendors subject to 1099 reporting are
reviewed by personnel independent of the
processing and disbursement functions in
accounts payable.
All Forms 1099 are submitted to the
applicable vendors before January 31.
All applicable 1099 Informational Returns
are filed in accordance with the reporting
deadlines.
1099 Planning Calendar
1099 INFORMATION RETURN REPORTINGControl Objectives: Compliance with federal, state and local laws
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Products and services purchased from
vendors are identified as to their tax
status.
A list of items and taxing jurisdictions
is circulated among the appropriate
personnel.
Sales and use tax returns are prepared
by persons independent of the accounts
payable function.
A monthly schedule of sales and use tax
disbursements is circulated to designated
accounts payable personnel.
The set-up and maintenance of the
rates by jurisdiction is separate from the
accounts payable function.
All disbursements to tax agencies are
supported with the sales or use tax
return.
SALES & USE TAX Control Objective: (1) Compliance with federal, state and local laws (2) Accuracy of disbursements to govt agencies
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
Account reconciliations are performed
each month.
All reconciliations are reviewed and
initialed by persons independent of
reconciling the accounts.
A list of all reconciling items is
maintained with the month end financial
reporting.
Old items noted on the reconciliation are
researched.
All items written off from the account
reconciliation are pre-approved by a
manager independent of the accounts
payable function.
Adjustments to account balances arising
from the reconciliation are performed
by persons independent of the accounts
payable function.
RECONCILIATIONSControl Objective: (1) Detect errors or irregularities in financial records (2) Accuracy of financial transactions and account balances (3) Prevent unauthorized transactions
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
There is a published cut off date for
processing invoices to the current period
in the AP system.
There is a system control activated to
reject the entry of an invoice into a prior
period that has been closed.
All unmatched receiving reports are
compiled and a value determined from
the corresponding purchase order.
A list of received but not processed
invoices is compiled at the end of a
reporting period.
The adjustments to account balances
for accrued expenses are performed by
persons independent of the accounts
payable function.
All accrued expense control account
balances are reviewed by managers
independent of the persons preparing the
accruals.
ACCRUED EXPENSESControl Objective: (1) Accuracy of the financial records (2) Prevent unauthorized transactions in the financial records
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All personnel are subject to background
checks prior to being hired.
Regular reviews are performed with each
employee.
Responsibilities are clearly stated in job
descriptions for each employee.
All employees are required to take their
allotted vacation time.
Key processing personnel are covered
under a fidelity bond.
All positions within the accounts payable
function have job descriptions.
An organizational chart is maintained and
updated noting the names and titles of all
personnel.
When employees leave the organization,
they go through an exit interview.
All keys and other company property
that gives access are returned by the
employee upon termination.
EMPLOYEE/PERSONNELControl Objective: Safeguard company assets
Produced by:
Copyright © Diversified Communications
Internal Control Checklist
Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member
Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions
All grant disbursements are accompanied
with the approved application.
Correspondence is circulated to persons
awarded grants as outlined in the grant
program and federal or state compliance
regulations.
Grantee disbursements are monitored for
proper compliance with the grant terms.
Missing financial compliance reports
are researched on a timely basis to
reestablish compliance.
Grantee disbursements are terminated
for noncompliance per the terms of the
grant.
Grantees are required to file a statement
of compliance with the conditions of the
entitlement program.
An encumbrance disbursement report is
circulated to department heads for review
of proper account distribution.
A published list of restricted fund
donations is circulated to the appropriate
accounts payable personnel.
Encumbrance reserves are
reconciled monthly.
GRANTS, ENCUMBRANCES & OTHER ENTITLEMENT PROGRAMSControl Objective: (1) Prevent unauthorized use of funds (2) Compliance with fiduciary duty (3) Detect errors or irregularities in accounts and transactions