Are internal controls necessary for my small business?

Internal controls are policies are procedures put in place to ensure continued accuracy and reliability of accounting systems. They are put in place to enhance financial integrity, control errors, and prevent fraud. According to the Sarbanes-Oxley Act of 2002, internal controls are corporate governance measures that businesses put in place to safeguard investors from fraud.

During an audit, the auditor will examine the effectiveness of your business’ internal controls to assess the level of compliance with laws and regulations and the accuracy of financial information provided in your financial statements; and then they give an opinion. Therefore, it is the responsibility of business owners/managers to set up and effectively manage internal controls.

Internal controls are in two major categories:

1. Preventive Controls

These are measures put in place to prevent accounting errors and fraudulent activities from occurring. Preventive controls are proactive and focused on quality.

Some of these measures include:

• Separation of duties such as bookkeeping, deposits, reporting and auditing.
• Controlling access to different parts of an accounting system via passwords, lockouts, and electronic access logs.
• Standardizing documents used for financial transactions, such as invoices, internal materials requests, inventory receipts and travel expense reports.
• Requiring specific managers to authorize certain types of transactions adds a layer of responsibility to accounting records.
• Having formal policies and procedures for sourcing, bidding, and purchasing goods and services.
• Generating and storing critical supporting documentation.
• Documenting accounting policies and procedures to help accounting and finance staff understand and follow formalized rules and maintain consistent controls.
• Outsourcing certain business functions (such as payroll, human resources, benefits, bill payment, accounting, compliance, customer service, or IT services) to third party service providers.
• Having formal policies for full and complete accounting and approval processes for every corporate credit card transaction incurred by every employee and business owner. In addition, each employee should have a defined spending limit.
• Pre-approval of actions and transactions (such as a Travel Authorization).

2. Detective Controls

These are measures put in place to identify missing accounting information with the aim of detecting errors and fraud after the transaction has occurred. Detective controls provide evidence that preventive controls are operating as intended.

Some of these measures include:

• Physical audits such as hand-counting cash and any physical assets tracked in the accounting system, such as inventory, materials, and tools.
• Using a double-entry accounting system adds reliability by ensuring that the books are always balanced. Calculating daily or weekly trial balances can provide regular insight into the state of the system.
• Occasional accounting reconciliations can ensure that balances in your accounting system match up with balances in accounts held by other entities including banks, suppliers, and credit customers.
• Review organizational performance (such as a budget-to-actual comparison to look for any unexpected differences).
• For employee travel and personal expense reimbursement, every employee should prepare an expense report addressing all business-related expenditures. Included in the report should be supporting receipts above a specific threshold amount established by the business.

Conclusion: There is no one-size-fits-all formula to setting up internal controls. Internal controls are designed to fit the needs of your business in order to enhance operational efficiency.