In the first on a series of blogs on internal controls and fraud we look at some of the key controls that we would consider essential in ensuring the accuracy and safety of your bank accounts.
The main control over the bank is of course completion of regular bank reconciliation, whereby the balance in the bank statement is reconciled with the transactions included in your accounting system. Reconciliations should be prepared at least monthly and differences investigated as soon as possible. With larger Credit Unions, reconciliations are likely to be prepared weekly or daily. Reconciliations should also be reviewed by another person and signed by both the preparer and reviewer. In addition, the Supervisory Committee should be carrying out a separate check on the bank reconciliation at least once a quarter.
Another key control is setting out who is authorised to open a new bank or deposit account. Accounts should only be opened with Board’s approval. Having the opportunity to open an account in the Credit Union’s name provides the opportunity to commit a number of frauds and should therefore always be tightly controlled. Credit Unions should set out all controls and processes for opening accounts within a treasury management policy, and this should be provided to all those involved in the process. It should also include the financial institutions which the Credit Union considers are within its risk appetite before any investment is made. Often this will be based on the credit rating of the financial institution.
A common fraud area is where emails or other forms of correspondence advise that one of the credit union’s supplier has changed bank details. Where there are any instances of this, the financial procedures should outline the checks required to verify any change. This could take the form of phoning the supplier to confirm or asking them to confirm in writing on supplier head noted paper by the known supplier contact. There should also be proper checks in place over any changes to member’s bank details.
Clearance days also need to be watched by Credit Unions. If members deposit cheques into the Credit Union then these funds should not be allowed to be withdrawn until the cheque has cleared. Similarly, Credit Unions should be aware that funds deposited by card payment could be withdrawn at a later date by the card company if they have been made illegally.
A full audit trail should always be kept for any payment. In addition, invoices should be checked to ensure the amounts are correct, the invoice aligns with the order, the goods or services have been received and all invoices signed confirming they have been properly authorised in line with delegated authority.
Segregation of duties is the cornerstone of any process, although it can be difficult to achieve in smaller Credit Unions. Authorising the transaction, making the payment and recording the transaction should be carried out by separate staff wherever possible. Whenever a credit union staff or Board member are signing a cheque or authorising a payment it is important that the amount is reviewed in conjunction with the attached paperwork before signing the cheques, or approving online payments. If you are signing the cheque or authorising the payment you are taking responsibility for that payment and you must therefore be satisfied with the details of that transaction. Finally, most Credit Unions understand the importance of ensuring there are at least two people authorising cheques, however as electronic payments are becoming more prevalent, it is important that electronic payments made via the online banking facility incorporate dual authorisation. Not all online banking systems require dual authorisation. Without this control you may not be covered by your fidelity bond insurance for unauthorised payments.