No owner expects that his or her employees will take money or property that belongs to the business. Nor do owners expect to be deceived by vendors or tricked by customers. In order to discourage or prevent losses through outright theft or inadvertent errors, businesses establish a variety of processes and procedures collectively referred to a internal controls. This post provides an introduction to a series of internal controls principles that all businesses should employ as a minimum level of protection.
The propose for establishing internal controls is to provide a reasonable expectation that the business will function as intended, that financial information is accurate and the applicable regulations and laws are complied with. The central theme of this article is limited to a discussion of five internal control principles as they relate to the business operation.
- Separation of duties: The key principle of this control is that the person handling the asset (cash, inventory, equipment, etc.) must not have access to the records that account for the particular asset. For example the person receiving cash from customers must not have access to the accounting records for the recording of cash receipts. The person responsible for receiving inventory must not have access to the inventory accounting records.
- Transactions are properly authorized: Procedures must be set up to ensure that every transaction is properly authorized and that without such authorization the transaction cannot be completed. As an example, dollar limitations might be established such that purchases over a particular amount requires the approval of the owner or a manager. While that is part of the control, the other part is that measures must be in place that will prevent the placement of orders over the threshold.
- Adequate documents and records; An adequate system for recording transactions, such as sales, purchases, and employee hours, must be established. While computer bases systems are common today, a system should be in place for properly filing and storing physical documents.
- Physical control: Steps must be taken to physically safeguard physical assets (such as inventory and equipment) and company records (such as documents and computer files). In this era where identify theft has become a common occurrence, controls need to be in place to prevent unauthorized access to sensitive personal information such as credit card numbers and social security numbers.
- Independent review: Business owners would be wise to follow the advice on one of our past Presidents – “trust but verify”. Reviews must be periodically conducted by knowledgable individuals who are not connected with the processes under review. Typically people forget or sometimes purposely don’t follow prescribed procedures. Periodic checks serve as a deterrent and also detection technique.
This post has looked at five internal control principles that are a must for all businesses. These five principles are 1. Separation of duties, 2. Transactions are properly authorized, 3. Adequate documents and records, 4. physical controls, and independent review.