Internal control is a very special phrase in the accounting profession. Tactically, it’s the set of processes that help a company produce accurate data throughout the organization, follow reporting requirements and laws, and maintain consistency and accuracy in its operations. Strategically, it’s an entirely new way of thinking and doing business.
Internal control helps to reduce organizational risk. A blunt way of putting it is internal control is what you put in place to avoid mistakes, intentional or accidental, and to control accuracy and quality. It impacts every aspect of an organization.
As a small business, you should be familiar with the concept because it can help you reduce risks you might not realize you have. Here are some practical examples of good ideas that support internal control:
Access Controls: When data is private and secure, provide access only to employees who need to know the data and restrict access of others.
Separation of Duties: Have someone check that your bank balance matches the reconciled amount in your books, and that someone should be different from the person who does the reconciliation. The further duties are separated, the less chance there is of an employee committing fraudulent acts.
Physical Audits: Hand count cash and physical assets, as well as materials and tools. Physical counting can show if there are hidden discrepancies.
Asset Management: Have employees sign in and out equipment that they take home.
IT Controls: Write and enforce a hardware and software use policy that includes items like employees should make sure their anti-virus software is active at all times, they should not bring in disks or CDs, and they should not download games or other unauthorized programs. This protects from computer viruses and helps to avoid catastrophic network failures.
In actuality, there are hundreds of internal control procedures that should be implemented in small businesses as they grow into larger businesses.
Internal control is typically a big part of an audit or an attest function in accounting; it determines how many additional procedures an auditor needs to do in order to provide assurances about the reliability of the financial reports. But it’s also just good plain common business sense to implement as many internal control processes as are cost-effective for your business to protect it at the level of risk you’re comfortable with.
If you’d like to discuss the idea of internal control further, please feel free to contact us at any time.