Broadly speaking, internal controls are methods, processes or procedures that an organization puts into place in order to:
- ensure that financial information is accurate, timely and reliable,
- ensure compliance with regulatory, financial and operational requirements,
- achieve or implement business objectives,
- prevent, mitigate and detect fraud,
- and safeguard assets.
The control environment should be as specific as the business itself, and there is no one formula for creating reliable controls. The business needs to spend time thinking about what are the risks, and design and implement controls that will appropriately address the risks. The following are some examples of common controls for small businesses:
Dual Cheque Signing
Having two signees on cheques provides a safeguard against misappropriation of cash through fraudulent cheques. In conjuction with signing the cheques, all expenses should be reviewed to ensure that they are genuine expenses for the business.
Bank reconciliations involve reconciling between the balance per the bank and the general ledger. Typically performed monthly, bank reconciliations will ensure that all items per the bank statement have been appropriately recorded in the general ledger.
Counting inventory can help to reduce both the risk of potential misappropriation of assets or theft as well as inaccurate inventory levels. Cyclical inventory counts reconciled back to perpetual inventory systems can uncover discrepancies between what the inventory system shows and what is actually on hand.
Access/Safeguards for assets
It might sound old fashion, but simple controls such as locking cheques, reducing access to warehouses, password protecting systems can go a long way. Restricting the access can safeguard both your tangible assets and information from theft and damage.
Segregation of duties
Segregation of duties is not so much a control, but rather a principle in designing controls. Dividing processes between people can be very effective in reducing misappropriation of assets and other fraud risks as well as detecting errors in processes and inaccurate information.
For example, different people should approve invoices, prepare cheques to pay the invoices, sign checks and reconcile the bank account. Not only does this reduce the risk of fraud, but it also places a series of checks and balances to ensure that all processes are being completed correctly.
Deloitte Information & Controls Assurance :