Let’s Talk About Internal Controls 

Written By Christine Walsh

Internal controls are policies and procedures that companies use to ensure the accuracy and reliability of their accounting and financial information. They also help to prevent fraud and promote accountability.

Sounds like something all organizations would have, right? 

You’d think so. 

The fact of the matter is that a surprising percentage of companies – particularly those growing from small- to mid-sized – do not have internal controls. Sometimes they’ve “always did their finances this way.” Sometimes they only learned about internal controls after they were on the receiving end of fraud or theft. 

Either way, every company needs a tight set of internal controls. Here’s the minimum we recommend to – and require of –  our clients…

Do Not Give Full Level Access to Online Banking

Whether you have an internal or external bookkeeping resource, giving them full, administrative online access to your business bank account is a recipe for disaster. It could be your best friend,  a trusted recommendation or someone you’ve worked with for decades. If a person who is not an officer of the company has the ability to move money, you’ve created a liability. 

But a bookkeeper needs to see transactions and bank statements in order to do his or her job. That is true. But virtually all banks offer permission limits like “view only.” 

It’s simple: only officers of the company should have full access to the business’ online banking. You might even want to limit it to the CEO and the CFO. 

It’s worth noting that as an external service provider, we refuse full permission online banking access – even if our clients want us to have it. 

Have a Bill Payment Approval Process

If paying a bill only requires one person and a few clicks, the company is at risk. We set all of our clients up with Bill.com so that even if we are handling all of the company’s bill payments, no payment can go through without the client signing off on it. 

Look at Your Financial Statements… Regularly! 

When it comes to a business’ finances, ignorance is anything but bliss. Business owners have to look at their financial statements on a regular basis. They need to look for fluctuations, anomalies and changes in cash. 

There’s perhaps no better internal control than knowing exactly what’s happening. 

Secure All Apps and App Ownership

Picture this scenario: A company hires a part-time bookkeeper. He or she sets the company up on a new accounting system. Said accounting system ownership is under his or her email address. Fast forward a few years and that person decides to part ways with the company. They’re still the account owner of that not-so-new-anymore accounting system. The company emails. The call. No response. 

You can see where this is going. 

Businesses must control ownership and access to all of the financial applications it uses. Accounts with various financial applications should be set up with internal email addresses, accessible by not just one person (i.e., finance@company.com). 

Similarly, organizations should require multi-factor authentication for all users – internal and external – in order to prevent fraudulent access. 

Have a Solid Financial Operating Process in Place

A repeatable, predictable financial process limits the risk of errors or fraud. Steps that should be well defined include how to invoice a customer, bill payments, required approvals, how payments are received in accounts receivable. 

It’s All About Mitigating Risk

Sound internal controls make it less likely for fraud to occur while layering transparency and accountability to an organization’s financial operation. Foregoing them is just… risky. 

Christine Walsh
Previous

The Case Against Bundling
Next

Don’t Look Now, But We’re Two-Thirds of the Way Through 2024