Separation of duties is the key ingredient in any internal control system. Without that separation, it is virtually impossible to be reasonably assured that the organization’s internal control goals are met. In a small organization, there may be as few as two or three individuals involved in the processing, recording, and reporting of transactions. With careful planning and assigning of duties, it is possible to establish an elementary internal control system with very few people. If the committee staff is very small maintaining some level of separation of duties and independent review is of prime importance The Treasurer can provide independent review so long as he or she does not process transactions on a day-to-day basis or prepare a disclosure report. The controls discussed below include those over cash and non-cash assets that are readily convertible into cash (e.g., liabilities whose liquidation will require the use of cash, such as accounts payable and notes payable). The areas discussed below represent particular vulnerabilities the Commission has identified based on its regulatory experience. They do not represent an exhaustive list of assets to be safeguarded.
Limit the number of bank accounts to those absolutely required to manage the committee’s business. It may, for example, be more convenient to have separate accounts for the primary and general elections and/or receipts and disbursements. Obviously, the fewer the accounts, the greater the control and the smaller the opportunity for errors or wrongdoing.
A political committee should obtain from the Internal Revenue Service an employer identification number (“EIN”) in the name of the committee and all committee bank accounts should be in the name of the committee and utilize the committee EIN. Never approve the opening of an account in the name of an individual or the using of an individual’s Social Security Number. The mailing address should be a committee address and the statements should be delivered unopened to a person not charged with processing transactions. Only the treasurer or his designee should be permitted to open and close bank accounts. Those with such authority should be specifically named in writing.
Limit the number of persons authorized to sign checks. In addition, checks in excess of a certain dollar amount should require the signature of two responsible individuals. The recommended threshold is $1,000. Facsimile signatures should be prohibited unless controlled by a checksigning machine with a numerical sequence counter. No signature stamps should be allowed.
Debit and credit cards must be carefully controlled since they represent easy access to committee assets. The committee’s bank or credit card issuer may be helpful in this regard. It may be possible to place dollar restrictions on cards, both on a per transaction basis and a cumulative limit. Once expenditures are approved, the limit can be re-established. Limits or prohibitions can also be placed on cash withdrawals.
Review the transactions on bank statements and reconcile the statements to the accounting records each month in a timely manner. Many committees find that the use of one of the commercially available small business accounting software packages is useful in this process. They often include a simplified pre-programmed process for reconciling the accounts and locating differences. The review and reconciliation are essential to determining if any errors occurred, unauthorized checks were issued or receipts were stolen. Someone should reconcile the bank statement other than the check signers and those controlling the checking account and processing transactions. The individual responsible for reconciling the account should receive the bank statement unopened. This one step of segregating the processing of transactions and the reconciliation of accounts would have prevented or quickly revealed a number of the misappropriations and the associated false reporting that the Commission has observed in recent years. It is also an excellent technique for discovering errors and omissions that occur accidentally.
Prior to filing each report, a reconciliation between bank and accounting records and the disclosure reports should be undertaken. The use of electronic banking can contribute to the timely reconciliation process and allow reconciliations to be easily done when reports do not coincide with bank statement dates. Access to the electronic banking system should be limited.
Require all wire transfers to be pre-authorized by two responsible individuals and immediately recorded in the accounting records. A committee sequential identification number (similar to a check number) is often helpful in recording and controlling wire transfers. A gap in the sequence number indicates a wire transfer that was not recorded. The Commission has encountered situations where the failure to record wire transfers has resulted in substantial misstatements in disclosure reports. Naturally, the reconciliation of the checking accounts to the accounting records and the disclosure reports will help prevent the filing of erroneous reports.
Finally, investigate other control related services that the committee’s bank may be able to provide. With electronic banking, information is available instantly that can contribute to a more secure control environment. Also banks may be able to screen checks that are drawn on committee accounts during their processing for compliance with agreed upon criteria.
Make a list of receipts when the mail is opened. Ideally, the person opening the mail and preparing the list should be independent of the accounting function. A responsible official should periodically (during the monthly bank reconciliation if not more often) compare the list with the recorded amount for the deposit and the deposit amount on the bank statement. Some committee’s have found using a lockbox service (to independently open mail, record the contributions, and make bank deposits) to perform this part of receipt processing beneficial. Such services may be available through the bank.
The employee responsible for opening the mail should complete to following:
- Place restrictive endorsements, such as For Deposit Only to the Account of the Payee, on all checks received. The account number can be added but that addition may cause a security concern by providing each contributor the committee’s account number.
- Prepare a list of the money, checks, and other receipts.
- Forward all receipts to the person responsible for preparing and making the daily bank deposits. Cash and check receipts should be deposited intact daily.
If the committee receives contributions via debit and credit card, the same type of information described above for checks and cash should be assembled for those contributions. The same verification to bank deposits should also be performed. The procedure will depend on the system that the credit card processor has in place. These control issues should be taken into account before selecting a firm to process the committee’s credit card contributions.
Prohibit delivery of unopened business mail to employees having access to the accounting records.
Contributions that are received by committee personnel at events and in person should be subject to the same procedures as those received via mail. Lists should be made and the checks submitted to the person(s) doing other contribution processing.
Secure undeposited receipts in a locked cabinet at all times.
Cash refunds should require approval.
Locations where the physical handling of cash takes place should be reasonably safeguarded.
Generally, disbursements should be made with pre-numbered checks, with the exception of petty cash. Using checks for all major cash payments ensures that there is a permanent record of the disbursement. The check should be pre-numbered so that it is accounted for properly. This procedure helps to prevent the issuance of a check that is not recorded in the cash disbursement records. As noted above, it is good practice to require checks in amounts greater than a specified amount to require two signatures. Additionally, pre-signed checks should not be allowed. The use of credit and debit cards should be very carefully controlled and detailed records of the transactions should be required of all users. Avoid using credit and debit cards to withdraw cash. Wire transfers should require dual authorization and each wire should be assigned a sequential number to help assure that all such payments have been recorded. Wire transfers should be recorded in the accounting records immediately.
If a mistake is made when preparing a check, void the check before preparing a new one. The voided check should then be altered to prevent its use, retained to make sure all prenumbered checks are accounted for, and filed with other checks for a permanent record. The stock of unused checks should be safeguarded and regularly inventoried.
If possible, check signing should be the responsibility of individuals having no access to the accounting records.
Draw checks according to procedures prescribing adequate supporting documentation and authorization. It is in a committee’s best interest to ensure that invoices that have been properly authorized support disbursements. This documentation should include (1) a proper original invoice; (2) evidence that the goods or services were received; and (3) evidence that the purchase transaction was properly authorized. Some committees find the use of a check authorization form to be useful. The signatures required for such authorizations can vary based on the size and nature of the transaction.
All supporting documents should be canceled or marked “paid” once a disbursement is made to avoid double payments. In the past the Commission has observed instances where failure to take these steps has resulted in many costly duplicate payments. Payments should not be made on statements or balance-due billings unless underlying invoices are included.
Mail all checks promptly and directly to the payee or if they are to be delivered by committee staff, require that the person taking control of the checks signs for them. The person mailing the check should be independent of those requesting, writing, and signing it.
Use an imprest petty cash fund with one custodian. The imprest fund involves replenishing petty cash only when properly approved vouchers and/or petty cash log entries are presented justifying all expenditures. The amount of the replenishment is equal to the difference between the stated amount of the fund and the remaining balance. For accountability, only one person should be in charge of the fund. The amount to be placed in the petty cash fund will need to be determined by the committee based on its operating needs but should be kept to the minimum amount needed to make small disbursements. A petty cash fund of not more than $500 should be adequate in most cases. If that proves not to be the case, the committee should review its policies concerning which disbursements may be paid from petty cash. No cash disbursement in excess of $100 is permitted.
Many committees use a payroll service for much of the payroll function. Where there are more than a few employees, a service can be a very effective way of handling payroll and maintaining a separation of duties within the payroll operation. As an additional benefit, the service will often take care of the preparation and filing of the necessary tax returns, and thereby help avoid errors and associated penalties. If the committee chooses to handle payroll in-house, the signing and distribution of the checks must be properly handled to prevent their theft. The controls should include limiting the authorization for signing the checks to a responsible person who does not have access to timekeeping or the reparation of the payroll, the distribution of the payroll by someone who is not involved in the other payroll functions, and the immediate return of unclaimed checks for redeposit.
If the committee has more than a few employees, it is advisable that it use an imprest payroll account to help prevent the payment of unrecorded payroll transactions. An imprest payroll account is a separate checking account in which a small balance is maintained. A check for the exact amount of each net payroll is transferred from the general account to the payroll checking account immediately prior to the distribution of the payroll. The advantages of an imprest account are that it limits the organization’s exposure to payroll fraud, allows the delegation of payroll check-signing duties, separates routine payroll expenditures from other expenditures, and facilitates cash management.
The accounts payable/notes payable procedures are clearly related to the procedures for cash disbursements and payroll. The control concern is to make certain that all liabilities are properly recorded and ultimately paid. There should be proper segregation of duties over the performance of the functions of comparing receiving reports, purchase orders, and invoices and the handling of the actual disbursement functions. As noted previously, invoices should be stamped “paid” and payments should not be made from statements of account unless accompanied by the related bills and invoices. These procedures prevent accidentally paying the same charges more than once. For disbursements that are not normally accompanied by an invoice (e.g., payment on a note or office rent), the authorization should come from a responsible official.
Most political committees are required to file their reports electronically and therefore many of their accounting records are automated. All of the same control considerations that apply to a manual transaction system apply to an automated system. In particular, separating functions so that data files are reconciled to other records by someone independent of the transaction processing and reporting function is critical. In addition, in electronic systems, the selection of software, the training of staff in the use of that software, limiting access to the system, and security of the data are important considerations.
In many cases, the electronic filing software is separate from accounting software. If this is the situation, determine if data can be exported from the accounting software to the filing software. Not only is it more efficient than entering the data twice, it reduces the opportunity for error.
There is an additional safeguard that is important and sometimes overlooked. The electronic data must be regularly backed up to avoid a loss of data that can interfere with a committee’s ability to file timely and accurate disclosure reports. Regardless of whether such a data loss stems from a hardware failure, a software failure, human error, or a disaster such as a fire or a flood, the result is the same. There are several ways to accomplish a data backup. In some instances, the software supplier will “host” the data meaning that it resides on the supplier’s server and is backed up by the supplier. If a backup is to be done locally, it can be accomplished by copying the data to a tape or CD and storing the backup off-site. Ideally, the backup should be done daily.
While no system of internal controls can ever be foolproof and one set of controls is not a good fit for all types of committees, the elements identified above can significantly reduce the opportunity for intentional misappropriation of funds and any related false reporting. Furthermore, many of these internal controls can also reduce the likelihood of inadvertent errors that can result in reporting problems. This discussion of internal controls is not intended to be exhaustive or to prescribe any one set of controls. It is up to each political committee to carefully consider what internal controls are valuable and feasible.