If you engage a bookkeeper/BAS agent to make payments on your behalf, you need to take care of security issues as this can be risky.
Ensuring you have appropriate procedures and security controls in place and that you and your staff follow these at all times is very important. Inadequate internal controls can leave the door open for client records to be compromised.
As a minimum, the ATO recommend that you:
- Use individual user login details and passwords for all systems where this is possible, including laptop computers, and these are kept private at all times.
- Regularly change all passwords.
- Remove user access and change shared passwords immediately when a staff member leaves.
- Ensure staff do not leave online portals open, and lock computer screens when unattended.
- Encrypt computer files where possible.
Instigate a financial controls policy.
- Document your financial controls process.
- Ensure you know who has access to your banking details.
- Limit access to financial records and processes to approved users.
- Have a specific written agreement on the roles and level of access/authority of management, the bookkeeper and anyone else involved in making payments on behalf of the owner.
- Give specific authority to anyone making payments on your behalf. This may be unique to each payment or it may be an agreed authorisation covering certain payments over a given period of time.
- Ensure you understand and authorise all payments being made on your behalf. Regularly check your bank to ensure you recognise all payments made.
- Consider involving two people for the authorisation process.
- Where possible, ensure payments to be made are entered into the accounting software program and linked directly to the bank payment transaction.
- Periodically review the process and who is authorised to make payments on your behalf.
- Periodically review payments made, for example, check for duplicate bank numbers, check that amounts paid to known suppliers match what is in the accounting software and supplier documents.
Please let us know if you would like us to provide you with templates to use for authorisation, financial controls policy and payments checklists.
© The Institute of Certified Bookkeepers