Admin & Finance - Section 3: Internal Controls Flashcards
True or False:
Rural practices are less vulnerable than other practices when handling money.
False; rural practices are just as vulnerable as other practices when handling money.
Why is it important to have protocols and internal controls in place in your practice?
Protects clinic and staff from the accusation of security breaches.
True or False:
It is easier to refute any allegations of impropriety when a clinic has proper protocols in place.
True
What 3 things can create crime?
Means, motive, and opportunity
True or False:
One person should be in control of the entire process.
False; there should be multiple individuals and controls in place to ensure that one individual is not in charge of the entire process
Risk example:
Cash received from patient is diverted to ____.
Employee
Risk example:
Charge and applicable payment are not ____.
Posted
Risk example:
Charge is posted with payment ____ to reduce balance.
Adjusted
Risk example:
____ ticket is destroyed.
Fee
Risk example:
____ are diverted to the wrong account.
Deposits
Risk example:
Records are ____ to cover up diverted funds.
Altered
Risk example:
Cash drawer or petty cash ____.
Leakage
Risk example:
Business supplies or inventory items are consumed or removed for employee’s ____ use.
Personal
What are 2 ways in which payroll data can be falsified?
1) Hours worked
2) Hourly rate increased without authorization
Falsely reporting hours worked in an example of what type of risk?
Payroll records being falsified
Increasing an hourly rate without authorization is an example of what type of risk?
Payroll records being falsified
A check to an RHC can be mishandled by being applied to medical accounts of a ____ member.
Family
A check to an RHC can be mishandled by deposits being diverted to accounts controlled by ____ ____.
Bad actors
A check to an RHC can be mishandled by being ____ or ____ off an applicable account.
Adjusted or written off
A check to an RHC can be mishandled by deposits being ____ from the system.
Deleted
Within an accounts payable scheme, how can paying bills be mishandled?
Bills can be paid to a “company” controlled by an employee or an employee’s family/friend
Within an accounts payable scheme, how can services be misdirected?
Services can be paid for that weren’t actually rendered
Within an accounts payable scheme, an employee could receive ____ for paying for more expensive items/services.
Kickback
Why are smaller clinics more at risk for accounts payable schemes?
They are often more lax and have less robust systems in place to catch risk/fraud
What do internal controls help identify and mitigate within an organization?
Financial risks
Internal controls are protocols which are implemented to ensure the ____ of the financial and accounting system.
Integrity
Internals controls are protocols which are implemented to ensure ____ and ____.
Security and accountability
Internal controls are protocols which are implemented to communicate ____ policies throughout the organization.
Management
What are the 3 purposes of internal controls?
1) To protect ____ health, 2) to protect ____, and 3) to protect the ____ of the medical practice
1) Financial
2) Efficiency
3) Operations
What 5 areas do internal controls address?
1) Deposits/cash
2) Accounts payable
3) Mail
4) Inventory
5) Bank statements/credit card statements
True or False:
All systems of internal controls are identical.
False; no two systems of internal controls are identical.
True or False:
Many core philosophies regarding financial integrity and accounting practices have become standard management practices.
True
Internal controls should be ____ to meet the size, needs, resources, and capacity of the organization.
Scalable
Internal control is a process that involves controlling the ____ to the practice.
Risk
____ is the best defense against risk.
Prevention
When moderating risk, what is important to communicate to staff members?
That protocols are being consistently monitored and measured.
What is a key factor in moderating risk in relation to staff?
Staff knowledge that a process is in place to monitor processes
When moderating risk, communication to staff members that protocols are being consistently monitored and measured is a key factor. What is this taking away from the employee?
The opportunity and means to defraud the organization.
True or False:
When moderating risk, you do not need to have a policy for banking and controls.
False; you do need a policy in place for banking and controls.
True or False:
You need a policy in place detailing deposit reconciliation.
True
What do you need to consider when creating a policy to moderate risk in relation to income mail?
Who receives incoming mail?
What do you need to consider when creating a policy to moderate risk in relation to financial websites?
Who has access? Who has administrative privileges?
What do you need to consider when creating a policy to moderate risk in relation to inventory controls?
How do we keep inventory from walking out of the door?
True or False:
You need a policy in place detailing purchasing controls.
True
Where does malfeasance frequently occur with bank transactions?
Deposits and monthly statements
Bank statements and checks cashed must be ____ reviewed and reconciled by 2 different people.
Independently
Bank statements must be reviewed by a ____.
Manager
True or False:
The same person who prepares the deposits can be the same person who actually takes the deposits to the bank.
False; deposits should be made by someone other than the person who prepared it.
Who can make recommendations to your organization for banking controls that are appropriate?
Your CPA
Why is it essential to split up responsibilities that employees have within the banking/deposit process?
To not give employees the means and opportunity to defraud the organization
As a best practice for cash and deposits, who should review/audit deposit and cash reconciliations?
Someone other than who prepared them
True or False:
One individual should be responsible for preparing the daily deposit, and a different person should do the actual deposit.
True
Who should verify cash drawer and petty cash balances?
Someone other than who prepared them
Cash reconciliation review should be separated from ____ preparation.
Deposit
What is one way to ensure that fee tickets and corresponding payment tickets cannot be altered and deleted?
Having them auto-numbered through HER/PM.
Appointments should be tracked and compared to what?
Expected charge posting
What policy should be implemented in regards to cash receipt book?
All patients should receive a receipt if not immediately posted with receipt to account.
What should contractual write offs and adjustments be reviewed for?
Trends and typical percentages to total charges
True or False:
One individual should open the mail and one should stamp checks for deposit.
True
True or False:
Bank statements can come to the same person who is responsible for posting and depositing payments.
False; bank statements must come to different personnel than the individual responsible for posting and depositing
How can an employee not wanting to take a vacation be a red flag?
They could be covering up suspicious activity that they’re afraid someone else would uncover if the were away from the off.
True or False:
In many ways, inventory is similar to cash.
True
True or False:
Diverting inventory into employees’ hands is the only example of why inventory controls are needed.
False; too much inventory can also be purchased, which would require inventory controls
In regards to inventory controls, what 2 things should require authorization?
1) Who can sign for goods and services
2) Who controls the release of goods and services out the door after the processing has been completed
As an inventory control, ____ limits of purchasing authority should be established.
Maximum
As an inventory control, what should all payments be supported by?
Invoices and 1099s
As an inventory control, ____ should be required for all purchases over a stated limit.
Bids
True or False:
As a purchasing control, credit cards for the practice should have limited users and access.
True
As a purchasing control, receipts should be retained and presented with monthly ____.
Statement
As a purchasing control, what should accounts payable checks that are prepared have attached to them?
Invoices
As a purchasing control, what should you require for electronic bill pay?
Invoices with a report of payables
True or False:
Patient credit balances do not need to be reviewed.
False; patient credit balances must be reviewed
True or False:
Payroll reports should be reviewed.
True
True or False:
There should be a limit on the amount of authorized individuals that can write-off balances for accounts.
True
True or False:
A transaction should be able to be deleted.
False; a transaction should never be able to be deleted. Should either be adjusted off or written off.
As a way to monitor write-offs, formal tracking of write-off authorizations should be done by ____.
Provider
As a best practice, you should perform a cash reconciliation at what frequency?
Daily
As a financial website control, a ____ should be maintained for website changes and updates.
Log
If your business deals with e-commerce, you need to establish a log procedure to track what 2 things?
1) Who makes edits
2) How edits to your website are made
As a financial website control, all changes or edits to the site should be made through who?
A designated employee
True or False:
EFT transfer bank privileges do not need to be limited.
False; EFT transfer bank privileges should be limited
In small practices, we often lack ____ to be able to separate duties according to best practices.
Staff
In small practices, policy development and execution is often ____.
Informal
In small practices, ____ reporting process does not occur.
Regular
In small practices, we often ____ our employees too much.
Trust
Within the “trust but verify” model, you must ____ duties and insist on ____.
Segregate, oversight