What are internal controls and what do they do for my business?
Internal controls are processes and procedures that are in place to safeguard the assets of a business. This is a short summary of the purpose of internal controls, and is intended to encourage small businesses to understand and strengthen their internal control system.
While the term “internal controls” cause a reader to think of expensive and time consuming procedures that are only feasible to large organizations, this is an important part of every business management strategy. Small businesses can implement simple and common sense ideas that will strengthen the accounting system and business as a whole.
A well designed internal control system begins with an assessment of the risks that face the organization. By evaluating the risks, managers can target areas that are potential for error or abuse and can tailor the control to fit the specific need. Internal controls should be focused on two specific points: prevention and detection. An effective system will be a combination of both types of internal controls. Controls such as segregation of duties, preapproval requirements for dispersals, computerized tracking of workflow, and limited access to company assets or data, or the use of bank lockboxes all prevent an error from happening. Actions such as requiring double signatures, review of cash transactions and bank reconciliations, physically inspecting and counting of shipments and inventory, as well as audit procedures are controls that can be implemented to detect errors after they have happened.
Internal controls are important to small businesses for four predominant reasons:
- Assure accurate accounting records
- Combat Fraud
- Comply with regulations and outside parties
- Preserve reputation.
Ensure Accurate Accounting Records
Astute business owners and managers understand the value in accurate financial numbers. In today’s competitive business environment, accurate financial numbers are a key component in making sound management decisions. Beyond management decisions, accurate financial data will generate an accurate tax return, accurate statements for lender or shareholder reports, and are the cornerstone of a well-managed company.
Fraud is a lot closer than it may appear. Fraud can happen in any organization, and it likely happens to some degree in nearly every organization. It may be as small as petty larceny or inaccurate employee time recording, to as large as embezzlement or “white collar” financial statement crime. The 2016 ACFE Report to the Nations on Occupational Fraud and Abuse continues to report that an estimated 5% of revenues are lost to fraud every year. Small businesses are not immune to fraudulent acts. Controls are needed to address the three points of the fraud triangle; opportunity, pressure, and rationalization. Preventive controls are focused on removing the opportunity for fraud to take place. Segregating duties so more than one person is responsible for each transaction reduces the opportunity window. Equally important is the detective controls. Fraudulent events can begin when a person makes a mistake and later realizes the error was not caught. This lack of detective controls, in turn, creates an opportunity for a small mistake to turn into a potentially crippling continuing fraudulent situation, as the person now understands how to exploit the company to one’s advantage. One of the highest deterrents to fraud is the fear of being caught and detective controls are a leading driver in catching fraudulent actions.
Comply With Regulatory and Outside Parties
All publicly traded companies have a regulatory requirement to maintain a sufficient level of internal control over the company’s assets. Companies and governmental units under audit will be assessed on the risks that they face and the controls in place to mitigate those risks. Even small businesses could be asked by lenders or owners/partners to define what controls are in place to eliminate the risks of misstatement or misappropriation.
A positive reputation is a key ingredient in successful business. A reputation can be marred through poor financial control such as errors in billing, payments, or the inability to meet obligations. Media coverage of potential fraud or misappropriation has as unfair negative impact on the organizations that fall victim to the crime. Although the preservation of reputation is not often a focus when designing internal controls, the lack thereof will increase the likelihood of failure.
If you have any questions on implementing internal controls for your business, please request a complimentary accounting consultation or contact us at (616) 642-9467.