11. Internal controls in a law practice

(Regulation 11)

Trust Account Guidelines contents

Accounting controls

11.1 Accounting controls are the features incorporated into the design of an accounting system to help ensure that transactions are duly authorised and correctly and completely recorded and that money is safeguarded. In relation to trust accounts of practices, they generally comprise:

  • separation of individual responsibilities
  • supervision
  • controls incorporated into the design of the computer system
  • external controls, such as the Act, Regulations, Rules and Guidelines.

Where the effectiveness of some controls is limited by the smallness of an office, it may be possible to compensate for this in other ways, usually by more detailed supervision.

Separation of responsibilities

11.2 Separation of responsibilities in an accounting system involves allocating to individuals defined tasks that have the effect of proving the validity of their colleagues' work. For example, the operator who posts receipts entries to the trust account ledger effectively reviews the work of the cashier who wrote the receipts. Similarly, the legal executive preparing a settlement statement from the ledger effectively reviews the ledger entries. Separation of responsibilities should ensure that any decline in the accuracy or standard of work surfaces in the system.

11.3 The mail should not be opened, collected and sorted by people who operate the trust account. Similarly, those who are responsible for receiving or paying trust money should not be involved in posting entries to the trust account ledger or in preparing trust account journal entries. Where this is unavoidable in a small office, you must ensure adequate supervision of the relevant functions.

Supervision

11.4 Supervision means regular and systematic scrutiny by a person independent of those who perform the function being supervised. Supervision becomes more important in a small office where arrangements for separation of responsibilities are not practicable. In this case, you should exercise control by becoming familiar with and regularly reviewing key operations in the system. These include:

  • participation in the mail opening and sorting process
  • scrutiny of the journal entries
  • scrutiny of lists of ledger balances and the ledger accounts themselves
  • scrutiny of the monthly reconciliations.

Vacations

11.5 Vacations are important because they create the opportunity to detect problematic areas. A good internal control requirement is that a person in a position of responsibility be absent from the office for at least two consecutive weeks. During this period, others should detect any matters that are inconsistent with established practice. Vacations over a month end for the reconciliation clerk will enable the reconciliation to be completed by someone else, thereby providing an opportunity to detect any irregularities in the reconciliation.

Computer system security

11.6 It is now common even for small law practices to process their trust account records by computer, as well as practice accounts and a number of other applications which are outside the scope of these guidelines (eg, time recording and billing). In practically all applications, there will be a need for appropriate security. Advice should be obtained and proper precautions followed in the design of any system where there is a significant risk to the practice in the event of data loss or corruption.

The following relates to computer processing of the trust account records:

System access

Many practices now operate networked systems throughout the office, thus giving greater access to the various databases in use. Where this is the case, there should be first-level access control by password at the network entry level. Each application that then becomes available should be considered for password entry control, depending on the risk presented by the data held in that application.

Access to the trust account should be controlled by passwords and should give each person only the degree of access required for his/her responsibilities. Individuals will normally have defined tasks (refer to guideline 11.2) and the access which the system allows each individual should reflect those tasks. For example, the accountant would have authority for the full range of accounting entries, but other staff would have access only for those types of entries that they are authorised to make. Partners or directors would normally be restricted to "read only" access, as they will not be trained in data entry and that will protect them and the data from their lack of familiarity with the system.

Proper password procedures must be followed: passwords must be known only to their respective users, be changed regularly, and not be so simple that others might guess them, and the passwords of staff who leave must be cancelled.

Any kind of remote access arrangements (eg, from laptops or home offices) must be similarly controlled and be reasonably secure against hackers.

Some software suppliers support their customers by means of a telephone helpdesk or by sending technicians to the site. In either case, communications with the supplier should be authorised by the Trust Account Supervisor and recorded in a log. The log will give a record of problems and service calls that can prove valuable in later disputes or inquiries and accordingly the Trust Account Supervisor should scrutinise it regularly.

Controls on input

You should ensure that proper work routines and procedures are in place sufficient to ensure that input is complete, accurate and authorised, eg:

  • daily routines, where responsibility for different tasks is clearly allocated.
  • input batches are checked and totalled before entry.
  • an input control record is in use, adequate to record what has been entered and to provide a running total to confirm that shown by the computer.
  • staff training in input procedures is adequate, particularly when staff change.

Controls on output

Most trust accounting systems provide a daily summary of transactions. This should be reviewed by a senior staff person or the Trust Account Supervisor, compared with the input control record and scrutinised for any odd-looking results.

Transaction lists of receipts, payments, journals, etc are usually available in the system and should be scrutinised for any anomalies or unauthorised entries. This can conveniently be at month end when checking the monthly reconciliation. Particular notice should be taken of transaction reversals and correction entries.

Monthly lists of balances and other such information should be distributed to authors so that they can scrutinise the balances for which they are responsible and raise any queries as appropriate.

System back up and recovery

Back-up procedures should be fully documented and checked regularly to ensure they are in operation. Back-up disks, tapes or CDs should be sent offsite or placed in fireproof storage at regular intervals according to the level of transaction volume (eg, low – monthly; high – weekly or even daily).

Restoration from back-up should be tested regularly.

You should arrange for hardware facilities to be available in the event your system is damaged, destroyed or stolen in a burglary.

General

It is prudent to document the system and procedures as they apply to your office, in a form that facilitates introducing new staff to their role and minimising disruption when a person leaves.

Selection and installation of new computer systems

11.7 Before installing a system, you should carry out adequate research to ensure that a proposed installation will be suitable for the needs of your practice in all aspects of computer processing.

The NZLS Inspectorate maintains a software contact schedule that lists known available trust accounting software packages. This schedule lists software names and company contacts who can give you further information about the features and prices of their product. Before contacting these software houses, it is suggested that you consider your needs for:

  • trust accounting and reporting.
  • time and cost recording.
  • practice accounting and management reporting.
  • debtors control.
  • compatibility with other applications such as Word, Excel, Landonline and the internet.

You should then prepare a request for proposal, detailing your system needs, to send to each software house selected to submit a proposal. The software house should respond with a comprehensive proposal, ideally presented to your practice in person. Before making the final choice, you should:

  • Make inquiries about the vendor/author, how long the system has been in existence, how many installed sites it has in New Zealand, what arrangements and staff are available for support of your system, and the financial stability of the vendor.
  • Consider the impact these changes are going to have on your existing hardware installation. Will the software changes require a major upgrade to the hardware in your office?
  • Make contact direct with existing users for a frank discussion on the performance of the system.
  • Confirm that the capacity of the system is appropriate to your practice and its likely future needs.
  • Consider seeking professional advice before making a decision.
  • Consider the extent of education and training for key staff members who will operate the system, and for users who must understand certain parts of it. Ensure this is adequate and that ongoing support will be readily available.

When converting to the new system, the following areas require attention:

  • Initially, training will be guided by software house personnel. Thereafter, features should be introduced on a step-by-step basis, at a rate that the staff can absorb – eg, trust accounting functions, one month; time and cost records, the following month. System transfer time is often underestimated and can be a stressful time for staff involved.
  • Permanent information such as names, addresses, account codes should be entered before the planned conversion dates so that only the balance need be entered on the day.
  • Consider keeping the old system ready to be restarted for a period in case the new system is not fully successful.

Desktop banking

11.8 ‘Desktop banking’ or other electronic banking transactions also require security measures. A desktop banking system for trust money should incorporate adequate safeguards in its design including:

  • Transfer of funds from the trust account should require the involvement of two people specifically authorised for this purpose (ie, the person preparing the transfer and the release authority). These systems have their own bank-developed release processes and these should be dovetailed with your own payment authority structures.
  • Partners, directors and staff should have the same duty to preserve the secrecy of their passwords as applies in respect of EFTPOS cards.
  • The ability to check payee bank account details on a payment requisition (or equivalent) against an encoded deposit slip or client details previously recorded.
  • Display of transactions on the screen or printout in advance of release, for inspection by the payment authority.
  • Confirmation when funds have been transferred. This is normally a bank-generated “funds sent” report, which should be retained as part of your payment support records.
  • Such transaction displays, when released, to be sequentially numbered and retrievable on the screen for (say) the previous six months.
  • Equivalent transaction reports with the same sequential numbers to be printed out and filed sequentially.
  • The ability to store schedules of payee details for regular payments such as interest.
  • Other procedures and precautions as recommended by the bank supplying the service.

Retention of trust account records

11.9 Regulation 11(5) provides that trust account records relating to a client must be retained by the practice for at least six years after the last transaction is recorded in them. There are, of course, a number of other legal obligations to retain trust account records for particular periods, such as obligations in respect of income tax and GST. No attempt is made in these guidelines to list all such obligations.

11.10 On the death or incapacity of a sole practitioner, his or her trust account records must be retained by the successor to the practice or disposed of as required by Regulation 11(5).

11.11 Unused stocks of trust account receipts, trust account cheque forms and other trust account forms should be kept in a secure place and details of holdings and usage recorded.

11.12 Detailed guidance on retention of records is available.


© New Zealand Law Society 2008