In accounting, a
key term to know is “internal control.” Internal control is the series of
processes and procedures that are performed within the organization to ensure the
integrity and accuracy of the financial information and reporting of that
organization. Internal control is very
important to consider in order to protect the business owners, employees,
vendors, investors, and other stakeholders.
In a small
business, maintaining good internal control is often a challenge since staff
size is smaller and resources are limited. Yet, it is essential to understand
so that the business owners understand what risks they are taking every day in
their businesses. A good system of internal
controls can help the organization reduce the risk of fraud, safeguard against
loss, and demonstrate good business practices.
Key Concepts
Segregation of
duties is the first of three key concepts of internal control. It means that
tasks should be assigned to different people when there is a risk that having
everything assigned to one person could hide errors or even theft. For example, the person who opens the mail and
receives checks should not be the same person who applies the check to the
correct customer in Accounts Receivable.
Delegation of
authority is the second key concept of internal control. While the owner has ultimate control, they
cannot do everything. They must delegate to staff. Staff have the responsibility
to maintain internal controls in their area of responsibility.
System access is the
third concept of internal control. Access to documents, rooms, computers,
applications, and other items should be on a need-to-know basis to reduce risk.
While one person might have system access to enter a transaction, they should
not also be the one to have system access to review or approve that same
transaction.
Business Operations
Every aspect of the
business should be considered while setting up the company’s policies and
procedures. In a small business, an easy
way to develop internal controls is to review each major transaction flow and
implement the controls needed.
On the customer
side, this includes receiving the customer order, sales contracts, shipping,
invoicing, managing accounts receivables, collections, bank deposits or
merchant reconciliations, and cash management. It can also include customer
service, pricing, and promotional activity.
On the vendor side,
the process includes adding controls for vendor selection, purchase orders, receiving,
bill pay, managing accounts payable, payments, managing travel and expense
accounts, and company credit cards.
Depending on the
company, additional areas that need to be reviewed for internal control include
inventory and supply chain management and government contracts, if any.
When hiring, the
process of hiring, onboarding, training, evaluating performance, and payroll should
be considered. Safety is also an
important consideration.
A very large part of
internal control development should focus on the information technology
operations of the company. Areas include user access and controls, password
management, naming conventions, physical security, disaster recovery, and network
and applications development, updates, and change control. Data entry should also
be considered and is best included when developing controls for the customer,
vendor, and employee functions.
Additional
functions that need internal control processes include treasury and financing; financial
reporting, budgeting, and planning; records storage, access, retention, and destruction;
asset management; and insurance.
Internal controls can be applied to small businesses as well as large organizations. It’s all about being able to feel confident that your business is operating with financial integrity, accuracy, efficiency, and a reduced risk of failure. If you have questions about how internal control applies to your business, be sure to reach out to us any time.
Want all the latest from us right to your email?