In accounting, “internal control” is a key term to know. Internal control is the series of processes and procedures that are performed within the organization to ensure the integrity and accuracy of the financial information and reporting of that organization. It is an important means of protecting the business owners, employees, vendors, investors, and stakeholders.
In a small business, maintaining good internal control is often a challenge since team size is smaller and resources are limited. Yet, it is essential to understand so that owners understand what risks they are taking every day in their businesses. A good system of internal controls can help the organization reduce the risk of fraud, safeguard against loss, and demonstrate good business practices.
In this article, we’ll discuss the three key concepts of internal control–segregation of duties, delegation of authority, and system access–and optimizing business operations.
Key Concepts
Segregation of duties is the first key concept of internal control. It dictates that tasks be assigned to different people when there is a risk of hidden errors or theft as a result of having all responsibilities assigned to one individual. For example, the employee who opens the mail and receives checks should not also be the individual responsible for applying the check to the correct customer in Accounts Receivable.
Delegation of authority is the second key concept of internal control. While the owner has ultimate control, they cannot accomplish everything that needs to be done. They must delegate assignments to their team, who are then responsible for maintaining internal controls in their area of work.
System access is the third concept of internal control. Access to documents, rooms, computers, applications, and other items should be on a need-to-know basis to reduce risk. While one person might have system access to enter a transaction, they should not also be the one to have system access to review or approve that same transaction. We’ve made two YouTube tutorials to help you add users to QuickBooks. For QuickBooks Online, click here. For QuickBooks Desktop, click here.
Business Operations
Every aspect of the business should be considered while setting up the company’s policies and procedures. In a small business, an easy way to develop internal controls is to review each major transaction flow and implement the controls needed.
On the customer side, this includes receiving the customer order, sales contracts, shipping, invoicing, managing accounts receivables, collections, bank deposits or merchant reconciliations, and cash management. It can also include customer service, pricing, and promotional activity.
On the vendor side, the process includes adding controls for vendor selection, purchase orders, receiving, bill pay, managing accounts payable, payments, managing travel and expense accounts, and company credit cards.
Depending on the company, additional areas that need to be reviewed for internal control include inventory and supply chain management and government contracts, if any.
When hiring, the process of hiring, onboarding, training, evaluating performance, and payroll should be considered. Safety is also an important consideration.
A very large part of internal control development should focus on the information technology operations of the company. Areas include user access and controls, password management, naming conventions, physical security, disaster recovery, and network and applications development, updates, and change control. Data entry should also be considered and is best included when developing controls for the customer, vendor, and employee functions.
Additional functions that need internal control processes include treasury and financing; financial reporting, budgeting, and planning; records storage, access, retention, and destruction; asset management; and insurance.
Internal controls can be applied to small businesses as well as large organizations. It’s all about being able to feel confident that your business is operating with financial integrity, accuracy, efficiency, and a reduced risk of failure. If you have questions about how internal control applies to your business, be sure to reach out to us at any time.