In accounting, a key term to know is “internal control.” Internal control is the series of processes and procedures that are performed within the organization to ensure the integrity and accuracy of the financial information and reporting of that organization. Internal control is very important to consider in order to protect the business owners, employees, vendors, investors, and other stakeholders.
In a small business, maintaining good internal control is often a challenge since staff size is smaller and resources are limited. Yet, it is essential to understand so that the business owners understand what risks they are taking every day in their businesses. A good system of internal controls can help the organization reduce the risk of fraud, safeguard against loss, and demonstrate good business practices.
Segregation of duties is the first of three key concepts of internal control. It means that tasks should be assigned to different people when there is a risk that having everything assigned to one person could hide errors or even theft. For example, the person who opens the mail and receives checks should not be the same person who applies the check to the correct customer in Accounts Receivable.
Delegation of authority is the second key concept of internal control. While the owner has ultimate control, they cannot do everything. They must delegate to staff. Staff have the responsibility to maintain internal controls in their area of responsibility.
System access is the third concept of internal control. Access to documents, rooms, computers, applications, and other items should be on a need-to-know basis to reduce risk. While one person might have system access to enter a transaction, they should not also be the one to have system access to review or approve that same transaction.
Every aspect of the business should be considered while setting up the company’s policies and procedures. In a small business, an easy way to develop internal controls is to review each major transaction flow and implement the controls needed.
On the customer side, this includes receiving the customer order, sales contracts, shipping, invoicing, managing accounts receivables, collections, bank deposits or merchant reconciliations, and cash management. It can also include customer service, pricing, and promotional activity.
On the vendor side, the process includes adding controls for vendor selection, purchase orders, receiving, bill pay, managing accounts payable, payments, managing travel and expense accounts, and company credit cards.
Depending on the company, additional areas that need to be reviewed for internal control include inventory and supply chain management and government contracts, if any.
When hiring, the process of hiring, onboarding, training, evaluating performance, and payroll should be considered. Safety is also an important consideration.
A very large part of internal control development should focus on the information technology operations of the company. Areas include user access and controls, password management, naming conventions, physical security, disaster recovery, and network and applications development, updates, and change control. Data entry should also be considered and is best included when developing controls for the customer, vendor, and employee functions.
Additional functions that need internal control processes include treasury and financing; financial reporting, budgeting, and planning; records storage, access, retention, and destruction; asset management; and insurance.
Internal controls can be applied to small businesses as well as large organizations. It’s all about being able to feel confident that your business is operating with financial integrity, accuracy, efficiency, and a reduced risk of failure. If you have questions about how internal control applies to your business, be sure to reach out to us any time.