Implementing Effective Internal Controls in Your Accounting Practice

For Pennsylvania accountants and CPAs, implementing internal control best practices can avoid fraud and financial mismanagement, limit errors, and identify issues at their onset to prevent bigger problems. These measures are critical to protect your clients as well as your own practice.

Internal controls ensure that your accounting information is accurate and that your workflow is efficient and protected from error, loss, confusion, corruption, or fraudulent activity. Establishing best practices will maintain compliance with regulations, decrease the risk of an audit, and ensure that you are prepared if an audit does take place.

Involve your staff in the development of protocols, as they have intimate knowledge of problems and bottlenecks, and they will be more motivated to follow any changes when they have been involved in implementation and understand their purpose.

Before establishing new policies and procedures, do a risk assessment of each area and determine what changes need to be made based on your evaluation:

• Familiarize yourself with data protection regulations, such as the General Data Protection Regulation (GDPR) and other regulations governing financial institutions; determine your level of compliance and any changes that need to be made.
• Inventory all computers, electronic devices, and physical storage areas. Determine which are necessary and what information or electronic devices need to be discarded, and destroy them according to regulations regarding professional shredding of both paper products and electronic devices.
• Evaluate your employees’ use of home offices and cell phones. Home offices can be difficult to regulate, as sensitive data may be left out on a desk or up on the computer when your staff member walks away, or they can be thrown in the trash and disposed of with the family garbage. It is critical to implement stringent policies regarding the protection of sensitive data at home and on mobile devices, which can include special security steps or restricting employees to what work they can perform at home.
• Determine who has access to sensitive information and passwords and implement a need-to-know policy to limit access.
• Evaluate how sensitive information comes into your office (via email, phone, mail, or a protected program such as Verifyle Pro^TM ) and develop stringent safeguards so that this data is accepted only through safe portals.
• Evaluate and update your cybersecurity programs on all devices and educate your employees to identify suspicious emails and phone calls to avoid accidental breaches of sensitive information. Implement policies of sharing data or discussing clients among your staff so that no information is shared on an unprotected platform.

As a member of PSTAP, you get your own Verifyle Pro^TM secure online sharing and messaging account completely free. Using Verifyle to share documents and messages back and forth with your clients provides significant protection for data transfer.

Verifyle also provides a 6-step verification process while still only requiring a single password. Every document, conversation, or note is encrypted separately, thus providing maximum protection, because cyber-thieves are unable to access multiple items of information in a given hack. To access your free Verifyle Pro account, all you have to do is sign up with the email address PSTAP has on file for you at verifyle.com/PSTAP. If you’re not a PSTAP member, learn more about the benefits of membership HERE.

Additional best practices

Some policies and procedures should be established in any accounting firm. Among them are:

• Segregate duties and implement reconciliation by different staff members to decrease the risk of errors or fraudulent activity.
• Lock the cash box and keep a cash receipts journal. Endorse checks as “For deposit only” immediately upon receipt. Deposit cash and checks in a timely manner – daily or every two to three days, according to the amount of cash payments your firm takes in.
• Reconcile physical assets on a monthly basis to determine that your firm’s property has not been removed.
• Provide thorough training to your employees in all areas of internal control, protection of data, and compliance with regulations
• Provide thorough training for your staff on all changes, policies, procedures, and regulations.
• Implement policies to report any financial misstatements, suspected fraud, or security breaches to the appropriate authorities.

Encourage an environment of transparency and cooperation in your firm, one that is built upon ethical business practices and driven by a desire to provide clients with the very best service. Lead by example, treating your team with respect, as you work together to implement new strategies to protect both your clients and the firm. Reach out to the PSTAP community for ideas or help in taking the first steps to improve your firm’s internal controls.