Internal control is a very special phrase in the accounting profession. Tactically, it’s the set of processes that help a company produce accurate data throughout the organization, follow reporting requirements and laws, and maintain consistency and accuracy in its operations. Strategically, it’s an entirely new way of thinking and doing business.
Good internal control practices help to reduce organizational risk. A blunt way of putting it is internal control is what you put in place to avoid mistakes, intentional or accidental, and to control accuracy and quality. It impacts every aspect of an organization.
As a small business, you’ll want to be familiar with the concept because it can help you reduce risks you might not realize you have. Here are some practical examples of good ideas that support internal control:
When data is private and secure, provide access only to employees who need to know the data and restrict access of others.
Have someone check that your bank balance matches the reconciled amount in your books, and that someone should be different from the person who does the reconciliation. This is an example of what’s called segregation of duties.
Lock up paper checks and use the missing check number report to make sure none of the stock could be used for nefarious purposes.
Have employees sign in and out equipment that they take home. This is part of asset management.
Write and enforce a hardware and software use policy that includes items like employees should make sure their anti-virus software is active at all times, they should not bring in disks or CDs, and they should not download games or other unauthorized programs. This protects from computer viruses and helps to avoid catastrophic network failures.
There are literally hundreds of internal control procedures that should be implemented in small businesses as they grow into larger businesses.
Internal control is typically a big part of an audit or an attest function in accounting; it determines how many additional procedures an auditor needs to do in order to provide assurances about the reliability of the financial reports. But it’s also just good plain common business sense to implement as many internal control processes as are cost-effective for your business to protect it at the level of risk you’re comfortable with.
If you’d like to discuss the idea of internal control further, please feel free to reach out to Bob Nelson at your convenience.