Internal Controls: Good Controls are Useless if Management Can Override Them

Standard

Some companies think they are protected against employee fraud because they have strong internal controls. Often, that’s the case. Good controls mean the rules are followed and the money is properly accounted for.

Sometimes, however, good controls are meaningless. What about the controls over the controls? All the rules and designated procedures in the world are meaningless if management has the ability to override them at will. When these overrides go unchecked, the company is often no better off than if they didn’t have any controls in place.

Indeed, the risk that management will override controls established to prevent fraud and ensure accurate financial statements is great. It is a constant risk as executives are in a position to manipulate numbers and direct employees to aid the manipulation. They can easily fabricate transactions or modify numbers to craft the financial statements to report whatever their hearts desire.

Smaller companies are often at greater risk of management override simply because they have fewer employees and less segregation of duties. Clearly it’s easier to get one or two employees in a small company to disregard internal controls than it is to get ten employees in a larger company to participate. Larger companies naturally have more checks and balances in place because there are more sets of eyes looking at the numbers.

Mechanics of Overrides
The motivation for management to override internal controls could include things such as:

  •  Dependence on financial results for receiving bonuses or other benefits
  • Need to meet debt covenants or other benchmarks imposed by lenders or investors
  • Manipulation of stock price
  • Pending sale of the company or refinancing of debt
  • Desire to take shortcuts through the company’s system

The methods used to override the system of internal controls are many. Management can do things like adjust accounts receivable to make the aging look more favorable, record non-existent sales, improperly manipulate inventory reconciliations, record false credits from vendors to lower expenses, hide documentation that could alert auditors to unrecorded liabilities at year-end, capitalize expenses, induce customers or vendors to provide false responses to auditor confirmations, or lie about the true nature of a transaction (and therefore its accounting treatment).

There are constantly opportunities for management to override the system to benefit the company or an individual. Because there are so many ways to commit this type of fraud, and finding proof is often difficult, it’s easy to see why employees, auditors and board members might throw their hands up in disgust. Where do they begin looking when the possibilities are endless? That’s exactly what the dishonest manager is hoping for, because then the chances of detection become even more remote.

3 thoughts on “Internal Controls: Good Controls are Useless if Management Can Override Them

  1. I would add that companies sometimes turn a blind eye to “work-arounds” which bypass financial controls because the systems they put in place have become too onerous. While it should be difficult to spend company money, some systems make it nearly impossible for a business to be flexible.

    I’m not an accountant, but I often have to deal with the systems put in place by accountants (please don’t take that personally, I might have to talk to you at a party again). The reality is that business needs to be sure they hire people who have an ethical and moral compass in addition to placing common sense controls on financial transactions and records.

Leave a Reply