. 42
( 55 .)


managers. The purchasing (procurement) manager gets control


reports on inventory and suppliers; the credit manager gets
control reports on accounts receivable and customers™ payment
histories; the sales manager gets control reports on sales by
product categories and salespersons, and so on.
Periodic control reports are rich in detail. For example, the
monthly sales report for a territory may include breakdowns
on hundreds and perhaps more than a thousand different
products and customers. Moving up in the organization to a
brand manager or a division manager, for example, the span
of management authority and responsibility becomes broader
and broader. At the top level (president or chief executive offi-
cer), the span of authority and responsibility encompasses the
whole business. At the higher rungs on the organizational lad-
der, managers need control information in the form of com-
prehensive financial and other reports.
Financial statements for management control are much
more detailed and are supplemented by many supporting
schedules and analyses compared with the profit and cash
flow models explained in earlier chapters, which are used pri-
marily for decision-making analysis. For instance, manage-
ment control financial reports include detailed schedules of
customers™ receivables that are past due, products that have
been held in inventory too long, lists of products that have
unusually high rates of return from customers (probably indi-
cating product defects), particular expenses that are out of
control relative to the previous period or the goals for the cur-
rent period, and so on. The profit and cash flow models illus-
trated in earlier chapters are like executive summaries
compared with the enormous amount of detail in manage-
ment control reports.

In addition to comprehensive control reports, a manager may
select one or several specific factors, or key items, for special
attention. I read about an example of this approach a couple
of years ago. During a cost-cutting drive, the chief executive of
a business asked for a daily count on the number of company
employees. He was told he couldn™t get it. Some data kept by
divisions were difficult to gather together in one place. Some
were in a payroll database accessible only to programmers.
But the CEO persisted, and now the data are at his fingertips
whenever he wants them: A specially designed executive


information system links personnel data directly to a personal
computer in his office. “Management knows I™m watching the
count very closely,” he said. “Believe me, they don™t add staff
It™s a good idea to identify a few relatively critical success
factors and keep a close watch on them. Knowing what these
factors are is one secret of good management. Product quality
is almost always one such key success factor. Customer loyalty
is another.
By their very nature, management control reports are con-
fidential and are not discussed outside the company. Manage-
ment control reports contain very sensitive information; these
reports disclose the “mistakes” of decisions that went wrong.
Often, unexpected and unpredictable developments upset
the apple cart of good decisions. Some degree of inherent
uncertainty surrounds all business decisions, of course. Never-
theless, management control reports do have a strong element
of passing judgment on managers™ decisions and their ability
to make good predictions.

A business relies heavily on its accounting system to
supply essential information for management con-
trol. The reliability of accounting information depends heavily
on specially designed procedures called internal accounting
controls and how well these controls are working in actual

Forms and Procedures
Specific forms are required to carry out the activities of the
business, and certain established procedures must be fol-
lowed. One fundamental purpose of these forms and proce-
dures is to eliminate (or at least minimize) data processing
errors in capturing, processing, storing, retrieving, and
reporting the large amount of information needed to operate a
Forms and procedures are not too popular, but without them
an organization couldn™t function. Without well-designed forms
and clear-cut procedures for doing things, an organization


couldn™t function very well, if at all. On the other side of the
coin, there™s a danger that filling out the forms becomes per-
functory and careless, and some employees may bypass
them or take shortcuts instead of faithfully following official
Internal accounting controls also are instituted for another
extremely important reason”to protect against theft and
fraud by employees, suppliers, customers, and managers
themselves. Unfortunately, my father-in-law was right. He
told me many years ago that, based on his experience,
“There™s a little bit of larceny in everyone™s heart.” He could
have added that there™s a lot of larceny in the hearts of a few.
It™s an unpleasant fact of business life that some customers
will shoplift, some vendors and suppliers will overcharge or
short-count on deliveries, some employees will embezzle or
steal assets, and some managers will commit fraud against
the business or take personal advantage of their position
of authority. Newspapers and the financial press report
stories of employee and management fraud with alarming

In summary, internal controls have two primary pur-
poses: (1) to ensure the accuracy, completeness, and
timeliness of information collected, processed, and reported
by the accounting system, and (2) to deter and detect dishon-
est, illegal, and other behaviors counter to the policies of the
business by its employees, managers, customers, and others.
This is a tall order, but any business manager you ask about
this will attest to the need for effective internal accounting
The ideal internal accounting control is one that ensures
the integrity of the information being recorded and processed,
one that deters or at least quickly detects any fraud and dis-
honesty, and one that is cost-effective. Some controls are sim-
ply too costly or are too intrusive on personal privacy. Body
searches of employees leaving work might qualify, though dia-
mond and gold mines take these precautions, I understand,
and a recent article in the New York Times indicated that
some of General Electric™s employees must go through a
search on exiting from work.


The national organization of CPAs, the American Institute of
Certified Public Accountants (AICPA), is a good source for use-
ful publications that deal with internal accounting controls.*
These are superb summaries and reflect the long experience
of CPAs in auditing a wide range of businesses. The AICPA™s
guidelines are an excellent checklist for the types of internal
accounting controls that a business should establish and
enforce with due diligence.

Speaking of CPAs, financial statement audits by inde-
pendent public accountants can be viewed as one type
of internal control. Based on its annual audit, the CPA firm
expresses an opinion on the external financial statements
issued by a business. Business managers should understand
the limits of audits by CPAs regarding the discovery of errors
and fraud. Auditors are responsible for discovering material
errors and fraud that would cause the financial statements to
be misleading. However, it is not cost-effective to have the out-
side auditor firm do a thoroughgoing examination that would
catch all errors and fraud. It would take too long and cost too
much. The first line of defense is the business™s internal
accounting controls. Having an audit by an independent CPA
firm provides an independent appraisal and check on its inter-
nal controls, but the business itself has the primary responsibil-
ity to design and establish effective internal accounting controls.
Many larger business organizations establish an internal
auditing function in the organization structure of the business.
Although the internal auditors are employees of the organiza-
tion, they are given autonomy to act independently. Internal
auditors report to the highest levels of management, often
directly to the board of directors of the corporation. Internal
auditors monitor and test the organization™s internal accounting

*A good place to start is Statement on Auditing Standards No. 55, “Consid-
eration of the Internal Control Structure in a Financial Statement Audit”
(American Institute of Certified Public Accountants, Inc., New York, origi-
nally issued in 1988 and later amended). Also, the AICPA has put out an
Audit Guide on this topic, and the Committee of Sponsoring Organizations
of the Treadway Commission issued a series of influential publications deal-
ing with internal control in 1992.


controls regularly. They also carry out special investigations,
either on their own or at the request of top management and
the board of directors. Different departments and areas of
operation are audited on a surprise basis or on a regular rota-
tion basis.


Business fraud is like adultery. It shouldn™t happen, but
those who do it make every attempt to hide it, although it
often comes out eventually. The same holds true for business
fraud. Businesses handle a lot of money, have many valuable
assets, and give managers and other employees a great deal
of authority. So it™s not surprising that a business is vulnerable
to fraud and other dishonest schemes. Fraud, in contrast to
theft, involves an element of deception. The guilty person is in
a position of trust and authority. The perpetrator of fraud
owes a duty to his or her employer, but deliberately violates
this duty and covers up the scheme.
Many books have been written on business fraud. Many
seminars and training programs are offered that deal with
fraud in the business world. Indeed, developments are under
way to make the control and detection of business fraud a
professional specialty. Keep in mind that audits and internal
accounting controls are not foolproof. A disturbing amount of
fraud still slips through these preventive measures. High-level
management fraud is particularly difficult to prevent and
detect. By their very nature, high-level managers have a great
deal of authority and discretion. Their positions of trust and
power give high-level managers an unparalleled opportunity
to commit fraud and the means to conceal it.

A few years ago several investment banks and other financial
institutions revealed huge losses caused by employees making
unauthorized trades in financial derivatives. In virtually all of
these cases there was a breakdown in important internal con-
trols. Many of these cases violated one of the most important
of all internal controls”requiring two or more persons to
authorize significant expenditures and major risk exposures.
Many of these cases also revealed another key internal control
that was violated: separation of duties. The authority for mak-
ing a decision and carrying it out should always be separated


from its accounting and record keeping functions. One person
should never do both.
One prime example of a high-risk fraud area in business
comes to mind. The purchasing agents of a business are vul-
nerable to accepting bribes, kickbacks, under-the-table pay-
ments, and other favors from vendors. A purchasing agent I
know very well made me aware of how serious a problem this
is. He didn™t say that all purchasing agents are corrupt, but he
certainly suggested that the temptation is there and that many

Keeping a close watch on cash flows is a good way to catch
signs of possible fraud, which is evidently overlooked by most
managers. Most fraud schemes and scams go after the money.
As Willie Sutton said when asked why he robbed banks,
“Because that™s where the money is.” To get the money and
conceal the fraud as long as possible, a perpetrator must
manipulate and misstate an asset or a liability”most often
accounts receivable, inventories, or sometimes accounts
payable. (Other assets and liabilities may also be involved.)
In particular, managers should keep alert to increases in
accounts receivable and inventories. Not only do these
increases cause negative cash flow effects, such increases
could signal a suspicious change that is not consistent with
changes in sales activity and other facts and information
known to the manager.


. 42
( 55 .)