Internal Controls Best Practices
While you cannot control what affects your business from the outside, you can (mostly) control what affects your business from the inside. Internal controls not only protect the financials of your business, they also ensure compliance with policies and procedures, track the efficiency of how your resources are used, and indicate whether or not your goals are met. While businesses typically have existing internal controls in place, many are lacking the full scope of what should be included.
Internal controls are typically organized around five main parts:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities
By focusing on the control environment, your business sets the tone for what employees should expect and what is expected of them. This includes the mission, values and philosophy of your business. The key leadership within your business needs to adhere to these environmental standards and establish an environment that is organized to foster growth within your staff and your business.
- Create an environment that supports the established internal controls.
- Exhibit honest and ethical behavior and your employees will feel inclined to do the same (potentially mitigating your risk of fraud).
- Hire employees who are the best fit for the position and for the business.
- Assign roles and responsibilities for all staff members and leave no room for interpretation.
By assessing the risks of your business, you will be able to better identify and manage internal and external sources that could slow or prevent the success of your business. These include risks to your accounting and audit processes, compliance and your risk of fraud.
- Look for red flags that indicate employee fraud and embezzlement such as payments to credit card companies that are slightly larger than expected or business card charges for non-business activities. If something doesn’t look right, dig deeper.
- Check the account statements of your business, either by reviewing your paper statements each month or monitoring your activity online, to mitigate fraud. If you have online banking, set up email alerts that send out notifications when account activity occurs.
Control activities are policies and procedures to support the success of business objectives and to mitigate risks previously identified. This includes employee training and outlining the roles and responsibilities of each person.
- Limit online banking activity to include only what each user needs to engage in.
- Make sure that financial duties have dual control or are segregated. For example, the bookkeeper should not be in charge of recording expenses, signing checks making deposits and reconciling the bank accounts. Always designate different people to support your back office functions, with the owner or CPA as gatekeeper.
Information and Communication
Information and Communication is essential for employees to fully understand and carry out their assigned activities in the internal control process.
- Address any changes in roles or responsibilities among employees, as well as any activities that affect one or more employees in your business.
- Clearly communicate with employees the policies, proper use and security of confidential information such as customer and employee information and financial data.
- Establish the roles, responsibilities and rights when setting up multiple users to access online banking features to avoid any duplicate or missing processes.
Monitoring is important to catch inherent risks such as reoccurring issues or too many (or too few) people managing a system. It is also necessary when there is a change in personnel or processes or significant business growth.
- Evaluate your internal controls when new technology is implemented, such as online banking. New opportunities could mean improved efficiency in staffing and resources.
- If a position isn’t filled or two positions are consolidated, make sure all roles and responsibilities for the positions are covered by another employee.
Without internal controls, it is difficult to track the efficiency of your operating departments and how your business is performing. There is also a greater chance that your financial reports will be inaccurate and you’re less likely to be compliant with laws or regulations that apply to your business. By having internal controls in place, you have more control over how your business operates, set standards of behavior for employees and ensure the success of your business’ processes.