News headlines involving embezzlement, fraud, data breaches, and other scandals may have you nervous, especially during the current economic climate. “What is happening within my organization?” might be a thought regularly occurring in your head. After all, fraud is one of the most common ways that companies lose money.
To protect your business from fraud, you must continually evaluate internal controls. These protocols help keep a business safe from specific types of company risk.
Incorporating internal controls can ensure the effectiveness and efficiency of operations and support reliable reporting.
These Internal Controls Can Protect Your Company
According to the Association of Certified Fraud Examiners (ACFE), organizations can reduce the impact of fraud by pursuing internal controls and policies that actively detect fraud. Some examples may include management review, account reconciliation, and surveillance/monitoring.
Here are four other simple and straightforward internal controls for your company to consider:
1. ACH Payments
Do you have a custom signature stamp for your office? If you do, we advise against this option. Even if you keep it locked up or only allowed specific employees to use it, there are still issues with this kind of system.
A better option is to implement an electronic system such as Automated Clearing House (ACH) payments. By sending payments through ACH, businesses can use fewer resources than traditional paper checks, and they can more easily track income and expenses with electronic records.
2. Separation of Powers
Separation of powers is as crucial to your business as it is to the government. When one person has all the power, the system is likely to fail. Just like a system of checks and balances, having dual control in place is ideal for any business.
One employee can be responsible for setting up ACH payments and wire transfers, while another employee can be responsible for approving these numbers.
Reviewing and catching critical errors is a vital part of this process. If there is oversight by more than one person, the possibility of theft and fraud significantly decreases. When dual control is in place, the system can often be effective in combating asset misappropriation.
By practicing the separation of powers, three main functions are able to occur:
1. Custody of assets
2. Authorized use of assets
3. Record keeping of these assets
It might seem that having two employees dedicated to managing assets is overkill for your small business. While it might be challenging to achieve, it should be implemented whenever possible to improve the overall performance of the organization.
3. Single User/Password
Every day you and your employees access websites to conduct business as usual. Many companies share one login to their bank, accounting software, credit card, and other financial accounts. Where do you store your vital login information? In a spreadsheet? On your phone? Printed out and next to your computer?
Either way, these are not secure ways to save your password information. These logins are so easy to hack and steal that it is up to your company to protect itself.
Make sure each user/employee is set up as an authorized user, and you can set the rights for each person. You can also research inexpensive and secure apps or websites to hold your logins, ensuring that the hacking rate drops significantly. When people leave the organization, make sure to delete the username and change common passwords.
4. Expense Reimbursement
Implement a process for all employees to follow regardless of hierarchy. Make sure to have an annually updated policy and require receipts/invoices over a certain dollar amount.
If you have corporate credit cards, you can utilize merchant category codes to restrict the types of goods/services for which they are used. For more information on this process, you can reach out to your card company for assistance.
How Should Internal Controls Be Implemented?
Has your business ever completed an internal control audit? If not, this is a great place to start. By completing an audit, the effectiveness of any current controls is tested, and the audit can also highlight weak points for the company.
When your organization takes part in an audit, there are essential processes and paperwork that need to be reviewed by a CPA. Having a set of eyes outside of your organization can be vital to the success of this audit.
While it might require preparation and a lot of documentation, the result will provide your organization with information that is consolidated all in one place, making it easy to access financial reports and statements in the future.
The implementation process itself can be quite an undertaking for a company to manage itself. For this reason, we recommend you find an expert to take on and manage this audit.
How Often Should Internal Controls Be Updated?
All of your company’s internal controls should be updated yearly. One easy way to remember to do this is to make it part of your annual shareholder meeting where the control details can be documented and voted on.
While these are examples of simple internal controls to implement, the Signature Analytics team of experts can make recommendations based on your industry and the nuances of your business.
If you need assistance, please contact us to have internal controls set in place or feel free to ask us any other accounting and finance questions.