Why do Internal Controls Matter?
Firstly, internal controls are put in place to protect company assets and reduce the risk of fraud. The growing awareness of fraud, has meant that investors, banks, financial institutions, and other companies are wanting to see stronger evidence of internal controls.
The following is a list of key reasons why a small business would want to create strong internal controls:
- Focus on getting the financial statements right.
- Obtaining recommendations or financing from outside parties such as investors, bankers, or accountants.
- To solve present business problems, and/or help prevent fraud from occurring.
- The potential to go public.
- Customers who are Sarbanes-Oxley compliant may require it.
Our Milwaukee bookkeeping and consulting firm helps small businesses with accurate financial reporting and internal controls at a price they can afford. Get a free consultation to learn more about how our services can help you.
Accuracy of Financial Statements
Informed management decisions cannot be made with access to accurate financial statements that are available in a timely manner. Good internal controls make it possible for you as an owner to trust the financial information you are seeing when you receive it.
The utilization of good internal controls is beneficial in working with investors, bankers, and accountants, as it enables them to trust the numbers they are seeing, and in turn work with you in the manner that you desire.
Risks of Fraud in Small Businesses
Fraud can be a big problem for small companies, as well as large ones. There are many forms of fraud including credit card and check fraud, and employee theft. Employee theft can range from false overtime claims, stealing inventory, embellishing expense accounts, and skimming cash. In whatever way it occurs, fraud can result in significant financial losses. The Association of Certified Fraud Examiners estimates a typical business will lose an average of 7% of revenue from employee theft. A 2008 report stated: “small businesses-defined as those with less than 100 employees-suffered both a greater percentage of frauds (38%) and a higher median loss ($200,000) than their larger counterparts. These findings accentuate the unique problems in combatting fraud-primarily the limited amount of fiscal and human resources available for anti-fraud efforts-frequently faced by smaller organizations.”
CEOs looking to go public often cite internal control enhancements as their most challenging corporate governance issues. One of the biggest aspects to this is the reliability of financial reporting and the preparation of financial statements. According to a report by Ernst & Young, 66% of institutional investors say that systems and controls should be implemented and operating effectively prior to the IPO. The ability to withstand the new level of scrutiny from outside sources including auditors is integral to their success.
The 2002, Sarbanes-Oxley Act strengthened the need for stronger internal controls, including accountability of companies regarding their financial statements. This is because companies under Sarbanes-Oxley are required to monitor and assess their internal control over financial reporting, including evaluations and disclosures throughout the year.
Key Components for Internal Controls
There are number of key components that make up strong internal controls, each with a multitude of processes to enable. The three components reviewed herein are:
- Accounting System.
- Financial Reporting.
Through developing systems and processes relating to these 3 areas, a business of any size should be able to implement good internal controls. The Giersch Group has experience working with businesses in a variety of industries including construction, legal, service and nonprofits.
The commitment to implement from the top is key in any system or process changes. Adherence to your own controls sends a clear message to employees about your importance. As discussed in previous topics, business owners are rarely accountants and are rightly focused in the operations and revenue generation of their business. However, at least once a month management should review of the financial statements. While reviewing the operational results of the business is the main purpose of financial review, management should regularly look for inconsistencies that trigger questions to financial statements. One way to assist this process is for management to develop an understanding of what the books should look like and have a set of acceptable thresholds, which if any significant variances occur, are to be reviewed in detail. Oversight and review by the management is an important aspect of internal controls, to make sure employees, including trusted family members, are aware that the management are attentive to the details. Other options for management include a written ethics policy for all employees and random spot checking of reports and documentation.
Good financial systems have been discussed at length in order to generate accurate and timely financials for decision making purposes. With a good system in place, the review process for management can become more systematic and effective. An important step is determining who should have access to the various segments of the financial systems. This gives the potential for significant and fundamental businesses decisions to be made without the knowledge and/or permission of the owner. All financial systems give options for restricting access and control to various members of the team. This point is covered in more detail later on with a discussion on the segregation of duties. Finally, the process of automated backups of financial data is important for compliance, risk avoidance, and fraud prevention.
Reviewing and understanding financial statements is an important exercise for all business owners. Not only is it important for when the owner is reporting to the bank or the IRS, but also to ensure accuracy and the ability to follow up on irregularities in a timely manner. The regular and systematic review process with the board, outside advisors, or CPA is also crucial in preventing fraud. Knowledge that the financials are being reviewed on a regular basis helps to deter potential fraud from within the company.
Segregation of Duties
The following graphics show examples of how a company, based on number of office employees, can segregate responsibilities in a manner that improves internal controls.