Read time: 3 mins
Internal controls are the processes, checks and balances that need to be put in place as a business grows. Internal controls can relate to any aspect of your business, from human resources to IT. Internal controls in accounting are critical and are used for safeguarding assets. Having a system of internal controls, including a segregation of duties, matters because as much as you trust your team, simply having a team means there is no longer one person with complete oversight and knowledge of the operations.
When implementing an internal control procedure, ensure it includes a means to generate evidence that a process has been followed or completed. This may be as simple as requiring that a document be initialled—but if there is nothing to show that something happened, it didn’t!
As your business grows and becomes more complex, it is more likely that errors, duplication or omissions can occur. For example, without internal controls to dictate who is responsible for certain purchases, more than one person may make the same purchases, resulting in duplication and waste. Or products may be received by mistake from a supplier and, without internal controls, the fact that the items were not ordered may be missed. There are many other reasons to implement internal controls—and the longer you wait to introduce these procedures, the more difficult it will be to change your company’s processes and to get buy-in from your employees (see below).
Why establish internal controls in accounting? If you are required to have a review or an audit but do not have sufficient internal controls in place, an accountant will not be able to satisfactorily conduct their tests. And if you are claiming a tax credit such as through the SR&ED Program, you may not be able to support your claim if you do not have adequate timesheets and other records, and this could result in a significant loss of funding.
Employees may have a negative reaction to the implementation of internal controls. They may feel that these are time consuming, labour intensive or show a lack of trust in them. It is important to communicate to your co-workers and colleagues that these processes are required as the business grows, not only for oversight purposes (although this is certainly part of it) but also for planning, tracking and review purposes.
Internal controls generally fall into one of two categories: preventative or detective.
Preventative controls are those such as requiring dual signatures on cheques or having password-protected files. This type of control protects and limits access to business assets.
Detective controls include reconciling the bank or inventory counts. Typically these internal controls are performed periodically to see if any need to be corrected. They will often turn up internal errors or problems, as well as any external errors (such as bank errors).
One of the key concepts in placing internal controls over a company’s assets is segregation of duties. Segregation of duties serves two key purposes:
Segregation of duties involves separating three main functions and having them conducted by different employees:
This segregation of duties is often difficult to achieve in small businesses, but should be implemented as much as possible. In some cases, it may result in an employee from another department being responsible for one of the functions.
Where it is not possible to have adequate preventative internal controls including segregation of duties, it is important to implement a compensating control. An example of this could be increased periodic oversight by you or the board of directors.