BANK ACCOUNT RECONCILEMENTS Page 3
Risk Assessment - Risk is the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment is the
process used to identify and assess internal and external risks to the achievement of objectives, and then establish risk tolerances. It is the
basis for determining how risk will be managed.
Control Activities - The actions and tools management establishes through policies and procedures that help to detect, prevent, or reduce the
identified risks that interfere with the achievement of objectives and to respond to risk in the internal control system.
An integral part of the control activity component is segregation of duties. However, in very small governmental units, such segregation may not
be practical. In this case, compensating activities should be implemented which may include additional levels of review for key operational processes and
random and/or periodic review of selected transactions. In smaller units, these reviews and testing of processes might be performed by governing boards
or other elected officials.
There is an expectation of segregation of duties. If compensating controls are necessary, documentation should exist to identify both the areas
where segregation of duties are not feasible or practical and the compensating controls implemented to mitigate the risk. Clear documentation should be
maintained for continuity as well as ease of communication to outside parties.
YES NO
1) Does management identify, analyze and respond to risks regarding the preparation and review of the bank reconcilement?
a. What areas have been identified regarding the preparation and review of the bank reconcilement that may be exposed to risk?
i. Risk factors may include non-compliance with statutes, changes in management or employees, competence and experience
of personnel assigned to the bank reconcilement process, findings reported in prior audits regarding the bank reconcilement,
new accounting system, new technology allowing alteration of documents, volume of receipt and disbursement transactions,
susceptibility of fraud occurring in receipting and disbursing activities (including both misappropriation of assets and fraudulent
financial reporting), bank errors and various fees not investigated timely, nonsufficient checks received and no timely follow up,
insufficient documentation, interest and finance charges, unauthorized access to accounting applications, override of system
controls, etc.
b. Does management analyze the identified risks to determine the effect of risk on achieving a correct bank reconcilement? For
example, does management consider how likely the risk will occur, if the risk is based on complex or unusual transactions, if the
risk is based on fraud, etc.
c. How has management addressed risks associated with using computerized accounting records, such as unauthorized access
to applications or data, potential loss of data, and reliance or inadequate systems that may adversely affect internal control?
d. How has management responded to identified risks? For example, management may accept the risk and take no action,
choose to eliminate certain processes to avoid the risk and/or institute proper internal controls.
e. When needed, does management go back to the governing board to enact or modify policies that will that will clearly define
these areas?
2) Does management clearly define proper procedures for the preparation and review of the bank reconcilement to enable the
identification of risks and to define risk tolerances? Written procedures should be clear and address items such as who will be
involved in the bank reconcilement process, how a correct bank reconcilement will be achieved and when will proper bank
reconcilement procedures be in place.
3) How does management prevent fraud and errors in the accounting records, which are used to compute cash and investment
balances? For example, are important internal control procedures in place such as approvals, regular preparation or review of
reconciliations, review of supporting schedules or reports, etc.?
4) Is management continually aware of changes, both external and internal, that could affect a correct bank reconcilement? If yes,
does management determine any modifications needed in the internal control process to adopt to these changes?
5) Did the governing board or management incorporate external requirements, such as state statutes and Uniform Compliance
Guidelines?
6) What procedures are in place to ensure that the information reported on the bank reconcilement is correct and reflective of the
accounting records and the bank reconcilement is performed monthly?
7) Are employees involved in the bank reconcilement process bonded?
YES NO
1) Is there a system of checks and balances (segregation of duties) to ensure a correct bank reconcilement?
a. Are responsibilities for reviewing the bank reconcilement segregated from those preparing the bank reconcilement?
b. Are responsibilities for preparing the bank reconcilement segregated from those involved in receipting and disbursing activities?
c. Are responsibilities for preparing a reconcilement between the receipts ledger and the credits to the bank account segregated
from those involved in the receipting process?
d. Are responsibilities for preparing a reconcilement between the disbursements ledger and the debits to the bank account
segregated from those involved in the disbursing process?