Internal Control Checklist · The Internal Control Checklist provides examples of procedures or tasks to consider as part of your accounts payable internal control system. The checklist

Produced by:

Copyright © Diversified Communications

Learn more about IOFM’s AP & P2P Network membership at APP2P.com/Become-a-member

www.app2p.com

Internal Control ChecklistInstructions: The Internal Control Checklist may be used to document a review of the existing procedures and activities that make up your internal control system, or serve as a guide in developing additional controls.

The Internal Control Checklist provides examples of procedures or tasks to consider as part of your accounts payable internal control system. The checklist is merely a guideline of some control activities. This checklist should be used in accordance with your company’s finance and accounting policies.

The types and implementation of internal controls in your company will depend upon the size of your organization, industry, and internal resources. The checklist is organized based on functional areas within a generic AP department.

Tailor the controls on this list to suit the particulars of your company. Each area also has blank input fields that allow you to add other controls unique to your organization.

Definitions

• Procedure/Activity Enter the procedure or task description.

• Responsibility Enter the name of the person or department responsible for the procedure or task.

• Review Date Enter the date the procedure or task was last reviewed.

• Other Comments Enter any other comments about the procedure or task; this could also include action items and any notes for the next review.

Produced by:


Internal Control Checklist


Control Objectives: (1) Separation of Duties (2) Control date of receipt for payment processing benchmarking.

Control Procedure/Activity Person(s) Responsible Yes No NA Review Date Comments/ Required Actions

Incoming mail is date-stamped

upon opening, documenting the

date received.

Vendor statements are routed

to the AP manager and another

designated manager who is not

involved in the daily AP operations

to review past due amounts.

INCOMING MAIL

Produced by:




Control Objectives: (1) Separation of duties (2) Accuracy of data (3) Prevent irregularities by restricting access authorized personnel (4) Compliance with federal and state regulations


New vendors are set up from the New

Vendor Set-Up form and are pre-

approved by authorized personnel

documented on the form.

Vendor master file access is restricted to

authorized employees documented in the

company policy.

All new vendors are required to provide

signed certified Form W-9 or equivalent

document prior to set-up in the system.

All vendors are assigned a taxpayer

ID and flagged as to whether they are

subject to 1099 reporting.

All recurring payments have a signed

contract on file with a copy of the

payment schedule.

Certified taxpayer IDs are matched to the

IRS TIN Matching program.

Vendor payment limits are flagged in the

system for a maximum per-payment value.

Vendor address, phone number and

other contact information is periodically

checked by someone outside of the AP

function to verify vendor data accuracy

and validity.

All repeat payment vendors (e.g.

landlords, equipment lessors, etc.) are set

up in the vendor master file with a start

and end date, amount, payment interval

and account distribution.

NEW VENDOR SET-UP/MAINTENANCE

Produced by:




Control Objectives: (1) Separation of duties (2) Accuracy of data (3) Prevent errors or irregularities (4) Detect unauthorized transactions (5) timely processing


Cost centers are documented on invoices

to distribute charges to the appropriate

control account.

All invoices are approved before being

entered into the system.

The numerical accuracy of the invoice

is checked.

Invoices for the purchase of inventory

materials are matched to a purchase

order and receiving report.

Invoices for the purchase of services are

matched to a purchase order in accord

with the limits set by company policy.

Recurring vendor invoice payments (e.g.

rents, utilities, etc.) are reviewed and

approved prior to processing.

Invoice quantities, prices and terms are

compared to those on the purchase order.

Invoice quantities are compared to those

on the receiving report.

All invoices have a purchase order

reference number or other reference to

identify the employee who initiated the

transaction.

All invoices are received in a central

location before distributed to processors.

INVOICE PROCESSING

Produced by:




INVOICE PROCESSING - Continued


Copies of the purchase orders and

receiving reports are received in a

central location and accounted for

numerically.

Progress payments with contractors are

approved and compared to the payment

schedule in the contract prior to entry

into the system.

The number of invoices and total

processed in a batch are compared to a

system edit report.

Unmatched purchase orders and

receiving reports are researched in a

timely fashion.

Accuracy of account distribution for transactions entered into the system include:

* Regular reviews of expense distribution

* Reconciliation of expense distribution per

the sub-ledger system versus the general

ledger account

A list of personnel authorized to approve

expenditures and their limits is provided

by the offices of the CEO & CFO.

Maintenance of the list of personnel

authorized to approve expenditures

is performed by the manager of the

accounting department.

All reimbursements for employee

travel and other business expenses are

within the dollar limit in accordance

with company policy and have requisite

approval.

Produced by:






A supervisor or manager reviews

vouchered invoices for approval,

completeness and accuracy.

For a system check of quality control,

selected invoice data is re-entered by a

quality-control employee who is not the

accounts payable data entry employee.

Invoices lacking approval are routed

back to the appropriate department and

correspondence is sent to the vendor.

Invoices are entered into the system

from original documents.

Vendor invoices subject to sales and use

tax are properly charged to the sales tax

control account.

The appropriate personnel are promptly

notified of differences between the

invoice and the purchase order.

Team members are assigned responsibility

to monitor and take all appropriate vendor

discounts.

Preparation of the payment disbursement

file is performed by separate personnel

from those who perform data entry and

vendor file maintenance/set-up.

Vendor credits listed on monthly

statements are reconciled to the vendor

account in the system.

The accounts payable invoice processors

have a complete and accurate listing of

repeat payment requests.

Produced by:






Internal signature card is on file for all

employees who are authorized to approve

vendor invoices.

Spot check signature authorizations

on vendor invoices and compare to the

signature card on file.

Produced by:




DISBURSEMENT PROCESSING


All disbursements processed are

attached to the original invoice support

for review.

All disbursements are reviewed by

a manager independent of accounts

payable. (e.g., controller, VP finance,

accounting manager, etc.)

For checks signed via a check-signing

machine, a numerical check log is

maintained, reviewed and initialed by an

independent manager.

The check log compares the number of

checks processed against the number

of signature impressions per the signing

machine.

The check-signing machine is restricted

to authorized personnel.

The check-signing machine requires

two independent persons to activate the

machine with password codes.

There is a stated dollar limit on checks that

requires a second signature if exceeded.

Check signature cards at the bank are

updated as necessary when personnel

leave the company or are no longer

authorized to sign.

Signature plates are kept in the custody

of designated personnel and restricted so

that use of the plates requires check-out

and in.

All ACH electronic payment files are

reviewed and approved by designated

personnel prior to release.

Control Objectives: (1) Separation of duties (2) Accuracy of data (3) Prevent and detect unauthorized use of assets (4) Safeguard company assets (cash via check stock..)

Produced by:





All manual checks are accompanied by

invoices and supporting documentation

prior to signing.

All manual checks are documented

in the check log.

All invoices paid are documented as

cancelled and paid.

Check remittance advice stubs are

attached to paid invoices.

Checks prepared as payable to "cash" or

"bearer" are prohibited.

The control total of the value disbursed is

compared to the check register amount.

All voided checks are defaced with VOID

on the check and the signature portion

also defaced or removed.

All voided checks accounted for

numerically and also provided to the

check signer at the time of review and

approval.

Check Stock Security features:

* All checks have a stale date on the

face of the check near the amount.

DISBURSEMENT PROCESSING - Continued

Produced by:





* All checks have micro printing in either

the border of the check or the signature

line.

* All checks have a VOID pantograph that

appears when a check is copied.

* All checks have a paper stock to allow

for "laser lock" printing.

* The check stock is printed with a

prismatic color scheme that changes

color hues across the face of the check.

* If checks are pre-numbered, there is a

log identifying the check sequence on

hand versus issued for printing.

* If the check number and bank MICR

information (i.e., check number, routing

number, account number) is printed

from a laser printer, the laser cartridge

is secured with restricted access.

* Blank check stock is secured in a

restricted area and only accessible by

authorized personnel.

All signed and reviewed checks are

routed to the mail room personnel

who are independent of the persons

requesting, preparing and recording the

transaction.

DISBURSEMENT PROCESSING - Continued

Produced by:




OUTGOING MAIL


All processed checks are inserted into

envelopes by personnel other than the

persons who requested, processed and

prepared the transaction.

All checks ready to be mailed are secured

in envelopes and distributed to a central

location in the mail room.

Checks not placed in the mail on the

same day they are received from

accounts payable are returned to a

secured location until mailed.

Vendor checks are never distributed

to requestors; all vendor checks are

distributed via the mail.

Control Objectives: (1) Separation of duties (2) Prevent unauthorized use of payments (3) Safeguard company assets.

Produced by:




VENDOR DEBIT BALANCE & CUSTOMER REFUNDS


All check requests for customer refunds

have supporting documentation approved

by the manager.

Each customer refund request has a

reason for the payment.

The account distribution is documented

for each customer refund request.

Authorized personnel who review

customer refund requests have restricted

inquiry access to the customer's account

to verify accuracy and validity.

All vendor debit balances are reconciled

to vendor account statements.

Vendor correspondence is kept on file for

validity, status and collection of vendor

debit amount.

Write-offs of debit balances are approved

and performed independently from the

person requesting, processing or paying

the vendor.

All vendor debit balances have

documentation supporting the reason for

the amount.

Control Objectives: (1) Prevent and detect errors and irregularities in vendor accounts (2) Accuracy (3) Detect unauthorized transactions

Produced by:





Access to the AP system is password

restricted for all personnel.

Passwords are required to be changed

every 90 days.

Passwords require a combination of alpha

and numeric characters.

Access to the AP system is restricted to

authorized terminals.

Access within the AP system modules is

restricted by user ID.

A list of users of the AP system is

provided to managers of each group and

updated based on personnel turnover.

An organizational chart is maintained and

updated for personnel turnover.

System controls are used to restrict

changes to master data files that require

approval.

System user controls reject unauthorized

transactions.

A user control report is generated

periodically to review rejected

transactions.

SYSTEM SECURITYControl Objectives: (1) Separation of duties (2) Prevent unauthorized use of payments (3) Safeguard company assets.

Produced by:





Rejected transactions are held in a

suspense file for review.

Edit-control reports are regularly

generated and reconciled for

processed transactions, to review the

reasonableness of outputs and balances.

The IT department receives audit alerts

for unauthorized access.

There are system controls on data entry, including:

* A check for duplicate

invoice reference numbers

* A check for invalid vendor IDs

* Field edit checks for improper

entry of characters

* Edits for improper account distribution

* Warning edits for amounts

exceeding limits

* Warning alerts and reports for

security override

* Two independent persons with a pass

code combination are required to allow

system overrides

SYSTEM SECURITY - Continued

Produced by:





Each terminal has "time out" security so

that computers left idle for a period of

time sign off the user.

User access is prohibited to the system

source code.

There is a regular back-up of all AP

system data for record retention.

Archived system data is stored off-site in

a secured location with restricted access

to authorized personnel.

Insurance coverage includes equipment,

software and data.

The insurance coverage is active.

There is a written disaster recovery plan

document that outlines the retrieval of

system data and records.

The disaster recovery plan is tested on an

annual basis at least.

The system archives real-time

transactions to protect against loss of

important files and programs.

All security password codes are unique

and not shared among employees.


Produced by:





Security codes to the AP system are

deactivated for all personnel who have

terminated employment.

Access codes and keys are changed

when personnel terminate employment,

as applicable.


Produced by:





Responsibilities for the requisition,

purchase and receiving are separated

from invoice processing and

disbursement.

Responsibilities are separated for the set-

up of new vendors, invoice processing

and disbursement preparation.

Responsibilities are separated for the

reconciliation of accounts payable

balances from invoice processing, vendor

set-up and disbursement preparation.

Responsibilities for disbursement

preparation are separated from the

approval function.

Responsibilities for the processing

functions in accounts payable are

separate from those in the general ledger.

Responsibilities for the disbursement

preparation in accounts payable are

separate from responsibilities for the

general ledger.

Bank reconciliations are performed by

persons independent of the accounts

payable function.

The IT department is independent

from the accounts payable and general

accounting functions.

All account reconciliations are reviewed

by persons independent of person doing

the actual reconciling function.

An organizational chart is maintained

and updated for management by function

within the AP department.

SEPARATION OF DUTIES Control Objectives: Prevent collusion and override of controls

Produced by:





The system administrator that grants

access to the AP system is independent

of the AP function.

Sales and use tax returns and

escheatment property tax returns are

performed by persons independent of the

AP function.

SEPARATION OF DUTIES - Continued

Produced by:





All applicable vendors are flagged in the

New Vendor Set-Up for 1099 reporting.

Correspondence is circulated on a regular

basis to vendors who have not certified

their taxpayer ID.

Vendor payments are only processed

after receiving Form W-9 or a substitute

form certifying the taxpayers ID and tax

withholding status.

Vendors subject to 1099 reporting are

reviewed by personnel independent of the

processing and disbursement functions in

accounts payable.

All Forms 1099 are submitted to the

applicable vendors before January 31.

All applicable 1099 Informational Returns

are filed in accordance with the reporting

deadlines.

1099 Planning Calendar

1099 INFORMATION RETURN REPORTINGControl Objectives: Compliance with federal, state and local laws

Produced by:





Products and services purchased from

vendors are identified as to their tax

status.

A list of items and taxing jurisdictions

is circulated among the appropriate

personnel.

Sales and use tax returns are prepared

by persons independent of the accounts

payable function.

A monthly schedule of sales and use tax

disbursements is circulated to designated

accounts payable personnel.

The set-up and maintenance of the

rates by jurisdiction is separate from the

accounts payable function.

All disbursements to tax agencies are

supported with the sales or use tax

return.

SALES & USE TAX Control Objective: (1) Compliance with federal, state and local laws (2) Accuracy of disbursements to govt agencies

Produced by:





Account reconciliations are performed

each month.

All reconciliations are reviewed and

initialed by persons independent of

reconciling the accounts.

A list of all reconciling items is

maintained with the month end financial

reporting.

Old items noted on the reconciliation are

researched.

All items written off from the account

reconciliation are pre-approved by a

manager independent of the accounts

payable function.

Adjustments to account balances arising

from the reconciliation are performed

by persons independent of the accounts

payable function.

RECONCILIATIONSControl Objective: (1) Detect errors or irregularities in financial records (2) Accuracy of financial transactions and account balances (3) Prevent unauthorized transactions

Produced by:





There is a published cut off date for

processing invoices to the current period

in the AP system.

There is a system control activated to

reject the entry of an invoice into a prior

period that has been closed.

All unmatched receiving reports are

compiled and a value determined from

the corresponding purchase order.

A list of received but not processed

invoices is compiled at the end of a

reporting period.

The adjustments to account balances

for accrued expenses are performed by

persons independent of the accounts

payable function.

All accrued expense control account

balances are reviewed by managers

independent of the persons preparing the

accruals.

ACCRUED EXPENSESControl Objective: (1) Accuracy of the financial records (2) Prevent unauthorized transactions in the financial records

Produced by:





All personnel are subject to background

checks prior to being hired.

Regular reviews are performed with each

employee.

Responsibilities are clearly stated in job

descriptions for each employee.

All employees are required to take their

allotted vacation time.

Key processing personnel are covered

under a fidelity bond.

All positions within the accounts payable

function have job descriptions.

An organizational chart is maintained and

updated noting the names and titles of all

personnel.

When employees leave the organization,

they go through an exit interview.

All keys and other company property

that gives access are returned by the

employee upon termination.

EMPLOYEE/PERSONNELControl Objective: Safeguard company assets

Produced by:





All grant disbursements are accompanied

with the approved application.

Correspondence is circulated to persons

awarded grants as outlined in the grant

program and federal or state compliance

regulations.

Grantee disbursements are monitored for

proper compliance with the grant terms.

Missing financial compliance reports

are researched on a timely basis to

reestablish compliance.

Grantee disbursements are terminated

for noncompliance per the terms of the

grant.

Grantees are required to file a statement

of compliance with the conditions of the

entitlement program.

An encumbrance disbursement report is

circulated to department heads for review

of proper account distribution.

A published list of restricted fund

donations is circulated to the appropriate

accounts payable personnel.

Encumbrance reserves are

reconciled monthly.

GRANTS, ENCUMBRANCES & OTHER ENTITLEMENT PROGRAMSControl Objective: (1) Prevent unauthorized use of funds (2) Compliance with fiduciary duty (3) Detect errors or irregularities in accounts and transactions

Documents

Internal Control Checklist · The Internal Control Checklist provides examples of procedures or tasks to consider as part of your accounts payable internal control system. The checklist