Below is an article written by Dave Robinson, co-founder with his brother Ben, of Driven Insights. It shows a different perspective on Internal Controls from what I teach students in my classes at Rhode Island College (a more classical approach). This article provides a more common sense approach for small businesses who don’t have the luxury of large staffs.
Are you tired of inaccurate financial reports? Do you lay awake at night wondering if someone might be exploiting your systems for personal gain? Are you confident your data is secure?
It is critical to have the right internal controls as they help ensure:
- you’re operating within the law,
- your information is accurate and secure and
- no one is exploiting weaknesses in your system for personal gain.
- The typical organization loses 5% of revenues each year to fraud
- Small businesses are both disproportionately victimized by fraud and notably under-protected by anti-fraud controls, a combination that makes them significantly vulnerable to this threat
We recommend implementing internal controls for small business that address compliance, taxes, data security, fraud protection and more. We take a closer look at each of these in the sections below.
You need to know the laws and regulations that apply to your business and make sure your systems comply with their requirements. For example, do you know how you need to store customer credit card numbers or employee social security numbers? Failure to comply can be time-consuming, expensive and damaging to your reputation, so you need to do all you can to ensure compliance now. Additionally, many stakeholders (such as lenders or investors) will require financials in compliance with GAAP (Generally Accepted Accounting Practices) so be certain your team understands what this entails.
Do you have a great CPA who you trust implicitly? Keep in mind that there is no room for shortcuts – or errors – at this step. You need a trusted advisor to make sure you’re addressing income, payroll, sales and use taxes. More specifically, you need to know what rules apply to your business, and what the process is for paying these taxes (by what deadlines and along with which forms). What is the frequency for paying taxes? Can you produce confirmation that the last three payments were made on time and for the correct amount? These are the types of tax questions your team should be prepared to address.
It’s also in your best interests to have controls related to data security. For example, are all confidential files locked away in a filing cabinet or office? Are all IT accounting systems password protected with robust password management policies? Do these systems offer login audit trail reports? Data security is critical, so make sure you’re doing all you can to protect sensitive information.
Fraud can largely be prevented through separation of duties. For example, create a process where one person collects and deposits receipts while another records accounts receivable. This should be similar for payroll and accounts payable where bank statements are reconciled by someone other than the person responsible for issuing checks.
We’re all human. We make mistakes. Some level of errors is to be expected. But your internal controls should protect against these errors going undetected. Your monthly closing process is a great place to embed these checks and balances. For examples, reconciling the bank, cash, and credit card accounts each month is a simple way to catch mistakes. Another is to print out the year-to-date profit and loss reports each month and study them for any inconsistencies. A fresh set of eyes proof reading reports in search of abnormalities goes a long way toward creating error free books.