There are many types of cash transfers a company can choose for certain payments and payees. However, cash transfers can subject a company to a considerable risk of loss, and so require a broad array of controls, which vary considerably by transfer method. The level of manual processing and related controls is significantly different for each kind of transfer, which has a major impact on the long – term efficiency of the finance and accounting functions.
This post describes both basic and enhanced controls for multiple types of cash transfer: check payments, electronic payments, remote deposit captures, procurement cards, and letter of credit. Follow on…
Controls for Check Payments
The control system for check payments assumes that a fully documented packet of payables information has already been created, which contains receiving, purchase order, and supplier invoice information. With this information in hand, the following controls should be used to create and monitor check payments:
1. Remove check stock from locked storage – Unused check stock should always be kept in a locked storage cabinet. In addition, the range of check numbers used should be stored in a separate location and cross – checked against the check numbers on the stored checks to verify that no checks have been removed from the locked location.
2. Restrict access to check – signing equipment – If a company uses any form of computerized check – printing equipment, it may be necessary to lock down all access to it. This can include any printers in which check stock is maintained, signature plates, and signature stamps.
3. Require a manual signature on checks exceeding a predetermined amount – This control is useful when signature plates are used for smaller check amounts. When signature plates are used, there is no longer a final review of payments before they are mailed. Therefore, requiring a “real” signature for large checks adds a final review point to the payment process.
4. Check signer compares voucher package to check – The check signer must compare the backup information attached to each check to the check itself, verifying the payee name, amount to be paid, and the due date. This review is intended to spot unauthorized purchases, payments to the wrong parties, or payments being made either too early or too late. This is a major control point for companies not using purchase orders, since the check signer represents the only supervisory – level review of purchases.
5. Implement positive pay – A strong control that virtually eliminates the risk of an unauthorized check ’ s being cashed is “ positive pay. ” Under this approach, a company sends a list of all checks issued to its bank, which clears only checks on this list, rejecting all others. However, this approach also calls for consistent use of the positive pay concept, since any manual checks issued that are not included on the daily payments list to the bank will be rejected by the bank.
6. Use electronic payments – There are several types of fraud that employees can use when a company pays with checks, while outside parties can also modify issued checks or attempt to duplicate them. This problem disappears when electronic payments are made instead. In addition, the accounts payable staff no longer has to follow up with suppliers on uncashed checks, or be concerned about remitting payments to state governments under local escheat laws, since there are no checks.
7. Reconcile the checking account every day – An excellent detective control, this approach ensures that any fraudulently modified checks or checks not processed through the standard accounting system will be spotted as soon as they clear the bank and are posted on the bank’s web site.
Controls for Electronic Payments
Electronic payments can involve large amounts of money, and so require a stringent set of controls to mitigate the risk of loss. They are:
1. Restrict access to master vendor file – For those electronic payments being made automatically by the accounting software, it is important to keep tight control over changes to the vendor master file, since someone could access the fi le and alter the bank account information to which payments are being sent.
2. Require signed approval document for manually initiated electronic payments – In a high-volume payment environment, nearly all electronic payments are routed through the accounting software, which handles the payments automatically. However, since a manually initiated payment falls outside the controls already imposed on the regular accounts payable process, the addition of an approval document is mandatory, preferably requiring multiple approval signatures.
3. Verify ACH debit filter with bank – If the business arrangement with a supplier is for the supplier to initiate an ACH debit from the company’s account, rather than the company’s initiating the transfer to the supplier, then the company should verify that it has authorized the bank to allow a specific supplier to debit an account.
4. Require password access to payment software – It is necessary not only to enforce tightly limited access to the software used to initiate electronic payments, but also to ensure that passwords are replaced on a frequent basis. This is a critical control and should be rigorously enforced.
5. Require additional approvals – Additional approvals are useful for larger payments. Another approval should be required whenever a new supplier is set up for electronic payment, since this is an excellent spot to detect the initiation of payments to a shell company. The additional approval could be linked to the generation of a credit report on the supplier, to verify its existence as a valid business entity. The highest level of control over electronic payments would be to require dual approvals for all such payments, though this may prove too onerous for ongoing business operations.
6. Require an end-of-day payments review – A standard detection control should be to have a third party who is unrelated to the electronic payments process review all payments made at the end of each day. This review should encompass a comparison of authorizing documents to the actual amounts paid, as well as verification that payments are made to the correct supplier accounts. The preceding set of controls relate only to the process of either issuing an electronic payment to a supplier or of allowing a supplier to debit the company’s bank account, and do not address problems such as unauthorized account debits and the sheer size of potentially incorrect or fraudulent payments. The next controls address these additional issues.
7. Impose an outright debit block on all company accounts – If the company does not wish to incur any risk of having a third party initiate a debit transaction against one of its bank accounts, it can impose a blanket debit block on those accounts, thereby preventing debit transactions from posting to a company account. A result of this control is that all electronic payments be initiated solely by the company, not by its trading partners.
8. Request a daily cumulative limit for authorized trading partner debits – Even if a company has installed ACH debit filters that authorize only certain suppliers to initiate an ACH debit, there is still a risk that the employees of an authorized supplier could fraudulently initiate a very large ACH debit. To mitigate this risk, see if the company’s bank can impose a daily cumulative limit on those suppliers who are allowed to initiate account debits.
9. Request notification of duplicate debits – If a supplier initiates a debit transaction that is identical to one posted in the past day or two, there is an increased risk that this could be a duplicate charge. To reduce the risk of this problem going undetected, have the bank notify the company whenever a duplicate debit is posted or (even better) prior to posting.
10. Use a separate bank account as the source of electronic payments – Because there is a risk of making extremely large fraudulent electronic payments, a useful control is to use a separate bank account as the source of electronic payments, with cash levels kept only high enough to fund those electronic payments made during the normal course of business, based on historical patterns. If an extremely large electronic payment is due to be made, this should initiate additional perusal of the transaction before additional cash is shifted to the account from which the payment will be made. To achieve a greater level of control, the person responsible for shifting funds into the electronic payments account should not be the same person who initiates or approves electronic payments.
Controls for Remote Deposit Capture
Remote deposit capture eliminates the need to physically transfer check payments to the local bank for deposit. However, the replacement process of converting the checks to an electronic format still requires some controls. They are:
1. Verify receipt by the bank – When processing checks through a remote deposit capture system, always print out a verification statement that the image was successfully sent to and received by the bank, and attach this verification to copies of the checks for storage. This ensures that the deposit has taken place.
2. Train for handling of foreign checks – Remote deposit capture works only for checks originating in the United States. However, if the person operating the scanning equipment were to mistakenly scan a foreign check, the system may indicate initial acceptance of the payment and then reject it a few days later. To avoid this delay in check presentation, train the staff regarding the treatment of foreign checks, and use periodic audits of scanned checks to see if any such checks were erroneously entered in the system.
Controls for Procurement Cards
The first control calls for card users to itemize each of their purchases in a separate log, which they then reconcile against the monthly card statement, noting missing receipts and rejected line items as part of the reconciliation. They then assemble this information into a packet of receipts and forms, and have a supervisor review it for inappropriate or split purchases, who then forwards the packet to the accounts payable department for payment:
1. Enter receipt in procurement card transaction log – When employees use procurement cards, there is a danger that they will purchase a multitude of items and not remember all of them when it comes time to approve the monthly purchases statement. By maintaining a log of purchases, the card user can tell which statement line items should be rejected.
2. Reconcile transaction log with monthly card statement – Each cardholder must review his or her monthly purchases, as itemized by the card issuer on the monthly card statement.
3. Fill out missing receipt form – Each card user should attach original receipts to the statement of account, in order to verify that they have made every purchase noted on the statement. If they do not have a receipt, they should fi ll out a missing receipt form, which itemizes each line item on the statement of account for which there is no receipt. The department manager must review and approve this document, thereby ensuring that all purchases made are appropriate.
4. Fill out line item rejection form – There must be an organized mechanism for cardholders to reject line items on the statement of account. A good approach is to use a procurement card line item rejection form, which users can send directly to the card issuer.
5. Complete reconciliation checklist – The statement of account reconciliation process requires multiple steps, some of which cardholders are likely to inadvertently skip from time to time. Accordingly, a standard reconciliation checklist that they must sign is a useful way to ensure that the procedure is followed.
7. Supervisory review for inappropriate or split purchases – There must be a third – party review of all purchases made with procurement cards. An effective control is to hand this task to the person having budgetary responsibility for the department in which the cardholder works. By doing so, the reviewer is more likely to conduct a detailed review of purchases that will be charged against his or her budget.
The preceding set of controls relate only to the process of tracking receipts and reconciling them against the monthly card statement. There are several additional controls that can be used to keep excessive or inappropriate purchases from being made; they are as follows:
8. Restrict purchasing levels – A major control over the use of procurement cards is the restriction of amounts that can be purchased. This may be a maximum amount of daily purchases, a limitation on the total purchased over a month, or restriction to purchases only from suppliers having certain Standard Industry Classification (SIC) codes. This approach is extremely useful for ensuring that cardholders do not run amok with their card purchases, while ensuring that losses are restricted if cards are stolen and used by a third party to make purchases.
9. Require supervisory approval of changes in spending limits – The initial spending limitation on a procurement card is intended to meet the purchasing needs of the user. Consequently, any request for an increase in the spending limit may mean that the user fraudulently intends to purchase beyond the budgeted spending level. To ensure that spending limits do not result in a significant level of overspending, all spending limit changes should be closely monitored and approved by a supervisor.
10. Verify that purchases are made through an approved supplier – The purchasing staff may have negotiated special volume pricing deals with selected suppliers, so it may be necessary to review statements of account to ensure that card users are making purchases from those suppliers. This control can be made more robust by issuing an approved supplier “Yellow Pages” to all cardholders, so they know where they are supposed to make purchases.
Controls for Letters of Credit
The greatest risk with a letter of credit is not being paid. The documents that a payee must present in order to be paid are usually prepared and controlled by other parties, and the terms of those documents may be very strictly defined, thereby delaying payment. All controls related to letters of credit are designed to improve the odds of being paid. The following controls should be implemented prior to finalizing a letter of credit:
1. Avoid approval by the buyer – There should not be any documentation requirement under the letter of credit where the document must be signed by someone who is under the control of the buyer, since the buyer can use this requirement to effectively block payment.
2. Avoid tight dating – The letter of credit contains dates by which goods must be shipped and documents presented. The seller should add a large margin of error to these dates to ensure that they can be met. If they cannot be met, then the seller should avoid shipping anything until the dates have been revised and agreed to in writing by all parties. In addition, the expiry date of the letter of credit should be sufficiently far off to allow for several rounds of document resubmissions.
3. Minimize presentment documents – If there are fewer documentation requirements under the letter of credit, then it will be easier for the payee to obtain payment. This must be negotiated with the buyer prior to issuance of the letter of credit.
4. Require a financially strong issuing bank – The issuing bank assumes the risk of the buyer ’ s insolvency, so the payee should insist that a bank with a strong credit rating be the issuing bank.
5. Require confirmation by a U.S. bank – If the issuing bank is in suspect financial condition, or if the political stability of the issuing bank’s country is questionable, then have a U.S. bank confirm the payment obligation. This confirmation makes the U.S. bank liable for the payment. If the confirmation cost is too high or cannot be obtained at all, then try to have the letter of credit issued outside of the political area that is causing the problem.
6. Require payment prior to buyer possession – The letter of credit should require that the seller is paid before the buyer takes possession of the goods. Otherwise, if there are discrepancies in the presented documents, a buyer that is already in possession of the goods will be less likely to waive the discrepancies, thereby delaying payment to the seller.
The following control involves the timing of shipments under a letter of credit to ensure that the buyer will pay in the event of an amendment to the letter of credit:
7. Complete amendments prior to shipment – If there are issues with the letter of credit that require amendment by the buyer and seller (and agreement by the issuing and confi rming banks), then verify that these changes have been completed and approved in writing prior to shipping the goods to the buyer. Otherwise, it is possible that the bank will not allow the amendments and refuse to pay, even though the goods have shipped.
The following control involves the creation of the seller’s invoice to the buyer, to ensure that it will be acceptable to the bank:
8. Match the description of goods on the invoice to the letter of credit – A bank will not pay under the terms of a letter of credit unless the description of goods on the invoice exactly match those on the letter of credit. The invoice preparer should be well trained on this issue, and it may also be useful to have a second person verify the invoice information.