Assessing Controls Related to Cash
When you assess an auditing client’s cash control risk, remember that control risk is directly affected by the internal controls the company has set in place. Cash is a risky account because the money can easily be stolen if the business lacks good internal controls. Proper cash management is crucial for all businesses so that they can meet their short-term payment obligations. Your assessment of a client’s cash controls is important because poor controls may affect your going-concern assessment (whether you think the company will stay in business for at least a year after the balance sheet date).
The cash process has control risk associated with one major issue: correctly recording cash account balances on the financial statements.
Separating duties is always the first characteristic of having good cash controls because it provides a system of checks and balances. Having more than one employee work on a specific cash accounting task reduces the ability of one employee to skirt the accounting system and steal from the company.
For example, when a business receives payments from customers by mail, here’s one way that duties can be separated among employees:
One employee opens the mail and maintains a manual or computerized log of all cash and checks received. This log should list the check number, amount, payer, and purpose of the payment (for example, the invoice numbers being paid). This employee should also immediately restrictively endorse the back of the checks with a stamp that says “For deposit only” and includes the business’s name and bank account number.
Another employee is responsible for applying the payment to the customer’s account using the log.
A third employee records the payments on the bank deposit slip, reconciling the number and amounts of payments to the log of cash and checks received.
Yet another employee, who doesn’t have access to deposit slips, takes the deposit to the bank. Not having access to deposit slips prevents the employee from removing cash from the deposit and preparing a new deposit slip for the amended amount.
Lacking collusion among all four employees, there should be no problem with misappropriation of customer payments received by mail.
Businesses have a moral imperative to make employee theft as difficult as possible. Having lax cash controls may be an almost overwhelming temptation to an employee facing tough financial times. Your extent of involvement here is assessing internal controls to see whether they’re adequate to prevent employee theft or catch it in a timely way. Your only concern is whether the financial statement assertions regarding cash balances are materially correct, meaning either that no theft was committed or that theft occurred but cash and other affected accounts were adjusted. You don’t need to worry about any criminal charges brought against an employee perpetrating theft.
In most acts of employee theft, three circumstances lead to the commission of fraud:
An incentive to steal: A company can’t do much about an employee’s incentive to steal or his ability to rationalize the theft.
The opportunity to steal: Your audit client can do a lot to reduce the opportunity to steal to almost zero. I discuss two ways earlier in this section: separating duties and monitoring cash deposits.
The ability to rationalize or justify stealing: Some employees, both management and nonmanagement, will find reasons to justify fraud — at least to themselves.