Every Company Needs Good Internal Controls
As a business owner or entrepreneur, often your primary focus is on your business operations. Administrative tasks and creating rigid structure are normally not top of mind while you’re building your brand. Unfortunately, however, lack of internal controls can have devastating consequences for businesses of all sizes. It’s not “just” theft or blatant fraud, to which businesses lose billions of dollars each year, but smaller losses that can occur every day due to lackadaisical controls. These might include penalties and fees, shrinkage of supplies and inventory, time theft, and many more costs.
Did you know that fraud is more prevalent than you may think? According to recent PWC survey, almost 50% of companies have experienced at least one incident of fraud in the past 24 months. Over 40 % of fraud are perpetuated by someone within the organization. (https://www.pwc.com/gx/en/services/forensics/economic-crime-survey.html). Small organizations are the most common victims or targets of organizational fraud, but also have the most to lose. This is why as a business owner or entrepreneur, you need to take the necessary steps to make sure you are protected.
Successful and effective fraud prevention programs require effort and planning, but the results are well worth the investment. And establishing a robust system of internal controls, such as segregation of duties, to prevent fraud is the best and most cost-effective method to limit exposure and business losses because of fraudulent activity.
What is the Purpose of Internal Controls?
One of the key functions of internal controls is to mitigate risk. When used effectively, they promote accountability and consistency in the business, which can help to prevent a variety of issues and mitigate major business risks, including our “top 4”:
Errors (“unintentional” fraud)
You might think internal controls are just there to prevent theft, but that is just the beginning! There are many adverse conditions a business could suffer if financial information is misstated (including fines and penalties, loss of credit and credibility).
Internal controls also help reduce errors by defining procedures and protocols to reduce employee mistakes. Internal controls, like employee training, may start with an orientation and continue with ongoing programs like learning a new work process or computer system. Common basic controls including timely reconciliation of bank and credit card statement to ensure that your bank balance and financial information are both accurate and complete.
The “tone” of every organization is set at the top. When management implements a solid internal control structure, it communicates the organization’s values and sets the expectation that risk will not be tolerated. This influences the control consciousness of its people and creates an environment of awareness, which in many ways is the basis for an effective control in the first place.
By documenting processes and having established control procedures, you have effectively become more efficient already! Each employee can follow the process rather than spending time recreating the process over each time it is done. Well-documented and defined roles and responsibilities also help to ensure that every task is done by one and only one person, limiting confusion and overlapping responsibilities.
Types of Controls
There are three main types or categories of internal controls: preventative controls, detective controls, and corrective controls.
Preventive controls prevent something from happening and are processes designed to stop fraudulent activities from occurring. Keep in mind that internal controls to prevent fraud and misappropriation remove the ability to commit fraud or conceal fraudulent acts.
Detective controls will detect when something has happened. Ideally, these controls will discover an issue before it can become a significant problem.
Corrective controls are implemented when a gap is identified, or when detective controls discover a problem. These controls could include disciplinary action or implementation of new preventative and/or detective controls.
Typical Controls for Small Business
Segregation of Duties
Internal controls are important for ensuring the separation of duties in order to avoid conflicts of interest, reducing the risks of financial mismanagement and fraud. Segregation of duties creates a system of checks and balances so that no one person can control an entire function without a review or access to every piece of information.
In other words, the basic idea underlying separation of duties is that no employee should be in a position to perpetrate as well as conceal errors and fraud in the normal course of their duties. This may be difficult for small businesses to enact due to staffing levels, but good business leaders can “get creative” to make sure the bases are covered in important areas.
Social Engineering Training
Social engineering fraud is the art of influencing individuals to disclose information and getting them to act inappropriately. Note that the weakest link in any organization is human. When a fraud loss occurs, responding effectively is important.
Social engineering training ensures that the situation is managed well and that the impact on your business is mitigated. It is important to implement procedures to thwart phishing and other infiltration attempts.
Review is the process of reviewing and assessing your business’s numbers. And asking questions and employing a professionally skeptical “show me” attitude is a control in itself. It provides awareness that management is engaged in all aspects of operations and that confirmation of controls is being enforced.
You should also use the right physical control to secure any business assets. A good physical control will give appropriate access to the specific individuals that require it. Examples include keeping cash in locked cash drawers and securing inventory in secure locations. You should also regularly check the existence of your inventory, such as counting cash at the end of the shift or regularly checking inventory counts.
Keep your bank accounts secure with users having appropriate access. It is vital to secure your office or facility with some level of access – keys, badges or electronic codes. From a cybersecurity perspective, electronic controls can also protect your business or company from the risks that can compromise an IT environment. Phishing and spam filters can help keep your systems safe from ransomware and hacking – all of which are on the rise!
Management’s proactive approach toward detecting and preventing fraud, coupled with effective internal controls, can decrease the opportunities to commit fraud, instilling an ethical culture within a business organization.
Unfortunately, many small businesses do not realize their weak systems or lack of systems until the fraud has already occurred. As a business owner, making sure that you’ve appropriate internal controls and procedures in place will help provide the peace of mind necessary to continue doing what you do best. Keeping controls top of mind and staying vigilant is key!
Of course, if you need help understanding and implementing the proper internal controls for your business, a Fractional Finance team from PPS Solutions is always ready to help. Working with business owners and entrepreneurs, we can review internal controls that are in place and then recommend additional controls in order to increase effectiveness, efficiencies and mitigate potential frauds from taking place in your business. Please find out how we can help today by booking a consultation at www.ppsfinance.com!