Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure the
integrity of financial and accounting information, promote accountability and prevent fraud. Besides
complying with laws and regulations, and preventing employees from stealing assets or committing fraud,
internal controls can help improve operational efficiency by improving the accuracy and timeliness of
financial reporting.
Why Strong Internal Controls Are Necessary for a Healthy Business
Strong internal controls can keep a company healthy by helping to achieve four key business objectives:
- Safeguarding assets. The right controls protect a business’ physical and financial
assets from fraud, theft, and errors. Likewise, proper controls quickly identify errors and fraud if
they occur. One of the most essential concepts related to internal controls (and specifically to
safeguarding assets) is the segregation of duties (i.e., separating incompatible functions) because it
prevents a single individual from requesting, authorizing, verifying, and/or recording business
expenditures.
- Ensuring reliable financial reporting. Owners and managers require accurate
financial information to make informed decisions. Because solid internal controls help to maintain the
validity of financial data, they also equip management to make more educated judgment calls.
- Maintaining compliance. Credible financial data enables organizations to fulfill
their duties to file complete and accurate tax returns, as well as meet any financial reporting
obligations (e.g., to fulfill loan covenants). Appropriate processes and procedures also allow
organizations to meet other regulatory and statutory filing or reporting requirements.
- Accomplishing operational efficiency. Organizations typically operate more
effectively with processes and procedures in place. A strong internal control environment can foster
efficiency through automation of manual controls, removing unnecessary or duplicative steps in a
process, or combining certain functions in a cost-effective manner. Finally, when financial data is
consistent and easily accessible, management receives timely and relevant information to verify that
activities are in-line with business objectives.
Prescribing the Right Internal Controls for Your Business
Solid internal controls are essential for a healthy business. Before a company can
select any controls, management should know which ones best address its challenges. There are three
primary types of internal control “medicine” that business owners and managers can use to increase their
operational efficiencies.
1. Preventive and Detective Controls
Solid internal controls are essential for a healthy business. Before a company can select any controls,
management should know which ones best address its challenges. There are three primary types of internal
control “medicine” that business owners and managers can use to increase their operational efficiencies.
A preventive control mitigates the occurrence of errors or irregularities (picture an
apple a day keeping the doctor away). For example, if the objective is to ensure accurate time,
attendance, and payroll records, then a good preventive control might be required supervisor approval of
all employee attendance entries before their processing in the system.
On the other end, a detective control identifies existing errors and irregularities to
prompt corrective action (imagine an X-ray identifying an already broken bone). Processes such as internal
audits, physical inventory counts, and monthly bank account reconciliations are all examples of detective
controls.
In the best cases, preventive and detective controls work hand in hand. For example, acceptable-use
policies and access controls protect access to valuable customer data and accounting information.
Simultaneously, the creation of computer usage logs and monitoring through regular audits might detect any
unusual activity that has previously occurred.
2. Mitigating Controls
Another type of internal control is a mitigating control, which includes procedures that
can help reduce risk. For example, if an organization is too small to properly segregate duties, then it
can establish mitigating controls such as detailed transaction reviews, after-the-fact approvals, and
surprise checks to reduce the risk in the affected area.
3. Manual, Automated, and IT-Dependent Controls
Each of the above controls can be manual, automated, or IT-dependent. Manual controls
require human action, such as two signatures on a check. Automated controls monitor
routine processes without human action. For example, accounting software may be programmed to deny an
accounts payable invoice if the original vendor invoice, purchase order, and record of receipt are not all
provided. IT-dependent controls require a combination of automated processing and human
interactions. For instance, the automated denial of an accounts payable invoice may be captured in an
exception report that allows a human to correct data entry or other issues so that the erred invoice can
be re-processed through the system.
The Right Types of Internal Controls Could Lead to a Bright Prognosis
Implementing the right types of internal controls increases the likelihood of a positive prognosis for
your company’s health. Assess your organization’s current needs and goals to determine which controls will
work best for you.
Nugent & Associates
if you would like us to assist you in diagnosing your business’ operational condition.
Conducting an Internal Control Check-Up
Prescribing the right internal controls is not necessarily complex, but it does require careful examination
of the business’
organizational structure. Business owners and executives should identify not only what checks and balances
they need to implement, but also who is responsible for ensuring that they work.
Controls over financial processes generally fulfill at least one of these criteria:
- Completeness. All records and transactions are included.
- Accuracy. The correct amounts and other relevant data are recorded.
- Validity. The transactions captured or recorded were real and appropriate.
- Authorization. The proper authorization levels are in place to cover such things as
approvals, payments, data entry, and computer access.
- Timeliness. Financial reports are available in a timely manner for decision
usefulness.
Take Control of Your Business’ Health
In the end, strong internal controls increase the likelihood of achieving and maintaining business
health. Take charge of your organization’s health by implementing the appropriate internal controls. Does
your organization need help establishing — or refining — effective internal controls? If so, then
Nugent & Associates
.
Our experienced professionals have the insights
to help you improve the health of your company.
Our Services to Strengthen Your Internal Controls
At times you may need a trained outside professional to evaluate your company's
operations to determine if the appropriate controls are in place to ensure proper handling of resources
and to protect
yourself from employee theft.
We assess your internal control systems to determine the efficiency and effectiveness of your operating
procedures. Then we make recommendations that help your company become stronger and more profitable by
correcting any
inefficient or ineffective operating procedures we find.
What we do for you...
-
Implement segregation of duties so that duties are divided, or segregated, among different people to
reduce risk of error or inappropriate actions. No one person has control over all aspects of any
financial
transaction.
-
Make sure transactions are authorized by a person delegated approval authority when the transactions
are
consistent with policy and funds are available.
-
Ensure records are routinely reviewed and reconciled, by someone other than the preparer or
transactor, to
determine that transactions have been properly processed.
-
Make certain that equipment, inventories, cash and other property are secured physically, counted
periodically, and compared with item descriptions shown on control records.
-
Provide employees with appropriate training and guidance to ensure they have the knowledge necessary
to
carry out their job duties, are provided with an appropriate level of direction and supervision, and
are aware of the
proper channels for reporting suspected improprieties.
-
Document policies and procedures and making them accessible to employees. The documented policies
and procedures provide day-to-day guidance to your staff and continuation of duties in the event of
prolonged employee absences or turnover.
-
Review operations to ascertain whether results are consistent with established objectives and goals
and whether the operations are being carried out as planned.