Regardless of the size of your organization, it’s imperative to keep track of your finances and have controls in place to keep them safe. Well-designed internal controls will help you avoid misstatements in your accounting records, and potential fraud, as well as detecting any incidents that slip through.
Having the right procedures in place is important, but don’t forget the important of organizational culture. Management and your board should set a tone of compliance, communicate the importance of controls, and lead by example. The controls you have should be understood by everyone involved and documented, both for training new employees and for reference to keep practices consistent over time.
Smaller organizations have a harder time segregating duties and fully implementing internal controls. There are fewer people available to be involved in the process, and each of them tends to already have a full plate. Even so, it’s important to use best practices where possible and have policies and procedures that ensure quality of financial data and security of cash and other assets.
A central tenet of internal controls is the segregation of duties. Don’t let one person handle an entire process if you can avoid it. Any time money is being handled, there should be two sets of eyes checking the work. A few areas to consider are:
- Timesheets for hourly staff should be reviewed and approved by a supervisor or manager.
- Checks should be distributed by a different person than processes payroll.
- Periodically check for ghost employees. If paychecks are mailed, look for duplicate addresses. If people are paid by ACH, look for duplicate accounts receiving funds. Check for duplicate Social Security Numbers.
- Accounts Payable
- Require that large purchases by approved in advance.
- Check stock should be locked up and only designated people should have access to them.
- Never have signed blank checks.
- The check signer should review the supporting documentation before signing.
- Accounts Receivable
- Compare logs of money received to what is applied to receivables.
- Credit memos and bad debt write-offs should be reviewed by operational staff.
- Follow up on past due balances.
- Credit Cards
- Have an up-to-date list of who has credit cards.
- Require all purchases to be substantiated, that same as you would for an accountable reimbursement plan.
- Review statements for suspicious purchases.
- Separate people should open the mail and deposit money.
- The person who opens the mail should maintain a cash/check log of what is received.
- Immediately endorse any check that comes in the mail, including “For Deposit Only” with your company’s bank account information.
- Any money not yet deposited should be locked in a safe or locking drawer with limited access. Deposits should be made in a timely manner.
- Bank Reconciliations
- Bank reconciliations should be done in a timely manner.
- People who make deposits and process accounts payable should not prepare bank reconciliations. If this isn’t feasible, the bank statement and reconciliation should be reviewed by another staff person every month. See this article about what to check for on a bank reconciliation.
- Financial Statements
- Prepare financial statements monthly or quarterly to be reviewed by management and, if appropriate, your board.
- Compare budget to actuals, and evaluate significant fluctuations.
Internal controls are not an absolute guarantee of avoiding misstatements and fraud. People will make mistakes or bad judgment calls, and even with segregated duties, there can be collusion. However, controls that are designed well for your organization, and implemented well, will reduce your risk. They can also improve the quality of your financial reporting, reduce the cost of audits, and ensure compliance with regulations.