Cash controls in business finance and accounting include cash management, internal control, and enterprise risk management (ERM) measures, as described in best practices frameworks and guidance from the COSO committee, created by the Treadway Commission. The U.S. federal government’s Sarbanes-Oxley Act of 2002 requires SOX cash controls.
What are Cash Controls in Business?
Cash control is cash management and internal control over cash and cash-related policies within a company. Cash controlling receipts and cash disbursements reduces erroneous payments, theft, and fraud. Internal control includes corporate governance, company policies, segregation of duties, authorized approvals for purchases, designated signature authority with limits, payments reconciliation, and bank account reconciliation.
Internal control over cash improves as a business grows and increases its accounting team’s size to assign separation of duties in cash handling and recording cash transactions in the accounting records.
Internal Control of Cash Receipts
Cash receipts are incoming cash from any business transaction. Cash receipts from customers include cash received immediately for cash sales, money orders, cash from credit card payments, and the cash collection of accounts receivable balances for credit sales when their cash payment is due. Cash receipts also relate to asset sales, including investments or property and equipment sales.
How can cash receipts be controlled?
- Obtaining employee bonding insurance, requiring background checks
- Establishing segregation of duties
- Safeguarding cash and cash equivalents in secure locations
- Using a lockbox to receive cash payments from customers
- Making daily bank deposits
- Reconciling the cash balance on bank statements to the general ledger at least monthly
- Establishing a procedure to ensure that all cash receipts are recorded
- Having supervisors approve voided transactions and returns
- Petty cash fund audits and petty cash internal controls
- Requiring authorized approvers for accounts receivable customer account write-offs
- Auditing and confirming accounts receivable customer balances by a CPA firm
Internal Control of Cash Disbursements
Cash disbursements are also called cash payments. Internal controls for cash apply to cash disbursements.
How can cash disbursements be controlled?
Internal control over cash disbursements includes:
- Establishing segregation of duties
- between employee handling cash receipts and making cash disbursements
- between employee making payments and approving payments
- between employee incurring expenses and approving payments
- Following company cash control policy stating approval limits and authorized approvers
- multiple bank account and check signers with limits
- Requiring multiple approvals, including the CEO and board of directors approval for significant transactions
- Approving cash payments based on two-way or three-way document matching of supplier invoices, approved purchase orders, (and receiving reports)
- Using sequential payment numbers to account for missing items
- Reconciling payments on a timely basis
- Maintaining a controlled and secure petty cash fund, and cash drawer in a POS system
- Preparing at least monthly bank reconciliations and petty cash reconciliations and reimbursement
- Reviewing the vendor master file for accuracy of vendors and inactive vendors
- Validating vendors online to reduce fraud
- Using budgetary accounting controls and investigating variances from actual results
- Establishing adequate IT and software controls, including passwords and two-step validation
- Avoiding phishing, phone, and mail fraud schemes
- Having an annual financial audit by a CPA firm
Bank Deposits and Bank Reconciliations for Cash Control
Bank deposits and bank account reconciliations are examples of internal control and cash accounting.
Retail companies with physical point-of-sale cash registers need to safeguard cash assets in the cash drawer. Ecommerce companies also need to implement adequate cash controls.
For store locations, every cashier has an assigned cash drawer. At least every business day, a cash count needs to reconcile electronic cash receipt totals to cash contained in the cash drawer of each POS. A second authorized employee must do this cash count and reconciliation to achieve the segregation of duties for internal control over cash.
Customers need to receive sequentially numbered receipts or a cash register tape receipt, with an electronic copy retained by the merchant. One internal control (and tax avoidance) risk is that cash received is never recorded in the POS system or accounting records.
Employees who handle cash and record cash need to be bonded by an insurance policy.
Bank deposits, including cash deposits, should be daily to improve cash controls. For cash and paper checks received, proper segregation of duties requires more than one employee. One person lists the amount of cash and checks received by date, check number, and amount, with the total amount received for the day on a bank deposit slip or cash control sheet. A second person makes the bank deposit. A third person records the bank deposit in the accounting records.
For all company bank accounts, reconcile the cash balance per the bank statement at least monthly with the general ledger cash account balance for that bank account. Many accounting systems offer automated bank reconciliations. Accounting software vendors may offer detailed automatic bank deposits. Reconcile checking accounts and savings accounts.
Using AP Automation Software for Internal Control of Cash Payments
Global mass payments and payables software automates and streamlines the entire accounts payable workload, substantially reducing time, errors, and fraud. Tipalti AP automation software improves control over cash disbursements by:
- Using self-service supplier or vendor onboarding for data accuracy
- Scrubbing suppliers against blacklists for global compliance and fraud reduction
- Checking the validity of supplier tax identification numbers
- Obtaining automated authorized approvals
- Checking for duplicate payments by payers
- Generating electronic remittance advice with paid invoice numbers
- Using an automated engine for screening payments with 26,000+ rules
- Automatically reconciling payments in real-time
COSO Frameworks for Cash Controlling Best Practices
Understanding cash control requires a basic understanding and high-level view of good internal control for financial and business or enterprise risk management. COSO provides internal control and enterprise risk management (ERM) frameworks and guidance that describe best practices.
What is COSO?
COSO is the Committee of Sponsoring Organizations of the Treadway Commission. COSO sponsors are prominent, accounting, financial, and auditing organizations:
- American Accounting Association
- American Institute of Certified Public Accountants (AICPA)
- Financial Executives International (FEI)
- IMA: The Association of Accountants and Financial Professionals in Business
- The Institute of Internal Auditors (IIA)
What are the COSO Frameworks for Internal Control and ERM?
COSO has published two updated frameworks on internal control and enterprise risk management (ERM). The Internal Control–Integrated Framework was initially issued in 1992.
COSO frameworks with update dates and Executive Summary links are:
- 2017 Enterprise Risk Management: Integrating with Strategy and Performance
- 2013 Internal Control–Integrated Framework
In June 2018, COSO released a supplement to Enterprise Risk Management – Integrating with Strategy and Performance, authored by CPA and consulting firm, PwC. The supplement, which includes real business case studies, is titled ERM Compendium of Examples.
In August 2020, the COSO committee issued guidance on BlockChain and Internal Control: The COSO Perspective. COSO indicates that blockchain increases risks and requires the implementation of some new internal controls for risk management.
The COSO Internal Control–Integrated Framework illustrates internal control with a cube illustration showing three readable sides. The top of the COSO cube represents the Objectives, the side is Components, and the third side is Organizational Structure.
What are the 3 Internal Control COSO Objectives?
The COSO framework objectives of internal control are:
What are the 5 Internal Controls COSO Components?
The COSO framework integrated components of internal control are:
- Control environment
- Risk assessment
- Control activities
- Information & communication
- Monitoring activities
What are the 4 COSO Internal Control Organizational Structures?
The COSO framework organizational structures of internal control are:
- Entity level
- Operating Unit
Cash Flow Management for Cash Control
Cash management is used for controlling cash flow for business growth.
Cash management is an essential financial function that plans the timing of cash inflows and outflows and signals when financing is needed to sustain and grow business operations. Effective cash control establishes credit policies, approvals, and limits, speeds up the collection of cash receipts, takes invoice prompt payment discounts, and shortens the cash conversion cycle.
Cash management includes capital expenditure project approvals and cash budget allocations based on net present value, ROI, or other measures selected by your business.
The Statement of Cash Flows is a financial statement that shows the beginning and ending cash balance and the inflows and outflows of cash by category, with some added disclosures. The Cash Flow Statement classifies cash flow as operating, investing, and financing activities.
Cash Control Methods – In Summary
Businesses need to implement cash control procedures for cash balances, cash receipts, and cash disbursements to avoid a valuable liquid asset’s misappropriation. We explained the importance of cash control, COSO internal control and enterprise risk management (ERM) frameworks, and features that AP automation software provides to control cash and reduce fraud and erroneous cash payments.