Who or what is in control of your business? Can you see the horizon? Do the controls allow you to see impending danger? Do you crash and then look for the warning signs that you missed that could have prevented that crash? How do your internal controls in your business measure up to standards within your industry? Careful consideration of these questions will reveal what is your approach and response to risk and whether you are willing to take the time to consider the risks that may be preventing your business from growing, and whether you care enough to put in place, those internal controls that will assist you in a softer and profitable landing. Its time to kick your business into safety gear.
The Need for Internal Controls
If you have ever baked a cake from scratch, you will know that you must control the timing of when to add the wet ingredients and when to add the dry ones, so that you minimize the risk of the cake flopping, or not gaining the right consistency. Similarly, you must control the temperature of the oven or you risk the cake being burnt to a crisp and end up in a total loss. Such a loss would include time, labor, and materials. So too, the implementation and proper execution of a robust internal control system in your business enhances and further ensures the outcome of accurate and timely financial information and reporting and minimizes loss. The illustration at the left is intended to give you a visual display of the need for internal controls at every level and within each department of your organization. To successfully achieve your mission, goals, and objectives you must do so with a plan that would mitigate risk that may threaten your organization on every side.
General Internal Control Measures
Adopt a conflict of interest policy
In addition to adopting a conflict of interest policy, it is wise to monitor and ensure compliance with this policy. For instance, you may wish to monitor that the supervisor of the accounting department does not bear a close and intimate relationship with the person recording cash in the same department as the supervisor.
Introduce a whistleblower policy
Someone in your organization may wish to inform you of an illegal act that is occurring in your organization. Such a person may be more willing to do so once he is aware that there is a whistleblower policy in place to protect him.
Develop a Retention and Destruction of Documents Policy
The requirements for the retention and destruction of documents in your organization may vary for audit purposes or for IRS purposes. Such a policy relates in part to how long you are required to maintain accounting records. It is advisable that you review the AICPA’s Filing and Record Retention Procedures guide, in addition to the IRS Regulations, state and local government retention requirements before you finalize you own retention and destruction of documents policy.
Routine Internal Control Measures
Segregation of Duties
Minimizing the risk of fraud and errors may include having more than one person involved in certain activities such as the custody of assets, authorization or approval, and the recording and reporting of accounting transactions. The segregation of duties is therefore particularly important and equally advisable in areas such as the receiving of cash, cash disbursements, payroll, procurement and the receiving of goods.
Code of Conduct
Having a robust code of conduct lends support to the mission of your organization. Have you determined what are the proper practices and responsibilities of your organization? If you have not yet done so, please develop and implement a code and have everyone in your organization, including directors sign off on them and confirm that they have read them. A Code of Conduct adds safety to your organization and it addresses issues such as sexual harassment, inappropriate language both verbally and written (business writing), relationships with vendors and suppliers, and matters of confidentiality, bribes and kickbacks, and use of equipment in the workplace.
Many organizations have embraced electronic systems for their business operations and have experienced reduced costs of doing business. Computerized systems come with many advantages for the safeguarding of a company’s financial records. However, there still exists a great need for internal controls so that these advantages may continue to abound to the well-being of the organization on a whole. Be sure to require IDs and passwords for accessing your business records on computerized systems. Prohibit the sharing of passwords and control remote access to your systems as well. These added internal controls to your computerized systems will minimize the risk of errors, help in identifying violators of these internal controls and help to prevent the risk of leaking confidential information.
What are some risks that are peculiar to the industry in which your company operates, and peculiar to your company? If you have not done such a risk analysis or you are unsure of how to begin, let us help you identify those risks NOW. In addition to identifying those risks with you, we will also assist you in developing a winning internal control system that will minimize those risks and equip your company with a robust internal control system that will keep your business running profitably with you as a formidable leader in your industry.