Does Your Business Have Its Internal Controls in Place?
We are approaching mid-year, making it the right time for a company to assess whether it has the proper internal controls. Business owners should put measures in place to protect the company’s financial and management data. Internal controls establish a process for how your business handles receiving and reporting money and administrative and management tasks. Below are the internal controls all companies should have in place.
Segregation of Duties
Segregation of duties is the assignment of work. The responsibilities are divided or segregated among different people to reduce the risk of error or inappropriate actions. Segregation of duties is an essential building block of sustainable risk management and internal controls for a business. The intent behind segregation of duties is to eliminate instances in which someone could engage in theft or other fraudulent activities by having excessive control over a process. An example of segregation of duties is the person receiving and signing checks is different than the person with access to the general ledger to make journal entries.
Physical controls secure a company’s equipment, inventories, securities, cash, and other assets. This security can occur by using locks, safes, or other environmental controls. Access is restricted to those with the authority to handle them.
Reconciliation is the process of comparing transactions and activities to supporting documentation. Reconciliations are comparisons between similar records maintained by different people to verify that transaction details are accurate and that all transactions are correctly recorded. Specific examples include performing a reconciliation from bank statements to check register/records and balancing/reconciling cash on hand to sales or transaction activity on the cash register totals.
Policies and Procedures
Established policies, procedures, and documentation that provide guidance and training to ensure consistent performance at a required level of quality. These should be available at all levels of the organization.
Transaction and Activity Reviews
Management’s review of the transaction, operating, and summary reports help to monitor performance against goals and objectives, spot problems and identify trends. Specific examples include a monthly review of budget statements to actual expenses, phone call activity reports for personal or non-business-related phone calls, and a review of timecards and overtime hours by employees.
Information Processing Controls
When data is processed, various internal controls are performed to check the accuracy, completeness, and authorization of transactions. Data entered is subject to edit checks or matching approved control files or totals. Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are maintained, as is access to data, files, and programs.
Establishing and using internal controls is vital for businesses of any size. While internal controls cannot always prevent fraud, in normal circumstances, they can help detect fraudulent activity. Internal controls can also ensure that financial statements are prepared both timely and accurately while addressing any assertions made in the completed financial statements. Establishing internal controls can set the tone in a business. A business that does not correctly develop internal controls is far more likely to experience multiple issues than a business with strict internal controls.