Owning a small business comes with myriad challenges. Don’t let fraud become one of them. It’s a common misconception that fraud can only happen to big corporations. But, according to an Association of Certified Fraud Examiners (ACFE) report, small businesses (those with fewer than 100 employees) are hit by fraud more frequently than large organizations and suffer higher average losses. The truth is that fraud can occur at any place and in any business, regardless of size. That’s why small businesses need to prevent and mitigate fraud using internal control measures.
What are financial controls?
Financial controls are the internal processes businesses put in place to prevent or detect accounting errors. The purpose of these controls is to keep accounting records accurate and reliable and to detect and deter fraudulent activity. These controls are generally both manual and automated.
Although it’s not possible to completely eliminate the risk of fraud or errors in accounting, there are some essential internal financial controls that small businesses should use to lessen the likelihood of skimming, misappropriation of assets, payroll theft, and other common fraudulent behaviors.
Every business is unique and may require different sets of internal controls, but they generally fall into one of five categories:
- Cash controls pertaining to security and loss prevention
- Accounts payable (AP) controls ensure that payments are authorized and made to the right party
- Financial controls help keep financial reporting clean and accurate
- Data security controls provide appropriate access to systems
- Human resources (HR) controls document policies and procedures for employees
Although not an exhaustive list by any means, here are 27 essential internal financial controls we recommend for small businesses:
- Keep business and personal accounts separate to avoid commingling transactions.
- Reconcile accounts regularly and compare internal cash books with external bank statements.
- Conduct double-count checks on all cash deposits.
- Track beginning and ending cash balances on point-of-sale cash drawers.
- Limit the number of people with access to online and offline bank information.
- Limit the number of authorized signers for digital payments and checks.
- Require dual-signing by the owner on disbursements over certain amounts.
Accounts payable controls
- Require formal estimates on all purchases over a certain amount.
- Triple-match invoices with purchase orders and proof of payment.
- Reconcile credit card statements to general ledger expense accounts.
- Require two levels of approval for the creation of new vendors.
- Require a double sign-off on petty cash transactions.
- Create formalized policies for travel and entertainment reimbursement.
- Compare budget actuals to forecasts (look into automated software to do this for you, sending status alerts so that you can keep track).
- Ensure that at least two people handle the process of initiating, recording, approving, and reconciling transactions.
- Require evidence documentation for all transactions.
- Use an outside CPA to look over your financial reports on a regular basis.
Data security controls
- Implement zero-trust security measures, such as only allowing an individual access to the modules necessary for their specific role.
- Use unique, high-strength passwords and update them regularly.
- Perform regular system backup.
- Store data offsite using a secure facility.
- Ensure that background checks form part of all hiring procedures for individuals who will have access to financial information.
- Require owner’s approval for new employees added to payroll.
- Carefully review payroll reports for each payment period.
- Train your staff on relevant policies and security measures.
- Create an environment that promotes honesty and open communication.
- Periodically rotate accounting roles and responsibilities.
Secure your systems
In our experience, it’s often antiquated and manual processes that leave small businesses vulnerable to fraud from both the inside and the outside. The right financial software, on the other hand, can build in many preventative controls by default. For example, you could set up an accounts payable system that requires a manager’s approval to set up a new vendor. Many cloud-based accounting software programs can also automate detective controls, highlighting irregularities for investigation and correction.
Concerned about fraud? Consider an internal audit.
An internal audit involves reviewing your small business’s internal controls, governance, processes, and procedures. Along with discovering areas of opportunity, an internal audit can also uncover any internal theft and risk of losses.
If you’re not sure where to start with your internal controls, contact us today to schedule a consultation. Our experienced team of business CPAs and outsourced CFOs can help you establish a solid network of financial controls and give you one less thing to worry about.
You may also be interested in: What you need to know about the Beneficial Ownership Information filing requirement