Let’s set the scene. You have successfully closed that first round of funding and your company is up and running with cash to spend. Now that there is money in the bank, it is management’s responsibility to safeguard assets and ensure responsible spending. This is where internal controls come into play.
Often times I see entrepreneurs lacking focus on their internal controls as they believe it is a burden to build systems on top of their current processes. The reality is that effective internal controls should be built into existing processes to ensure efficiency and effectiveness.
Controls and processes will be unique to each company based on the product or service offering.
Internal controls are often distinguished by two separate characteristics: preventative and detective. Preventative controls prevent the misuse of corporate assets. Detective controls catch the misuse of assets after the fact. Both can be effective when built into your business’ daily processes to ensure an efficient and effective operating environment.
Preventative controls are designed to avoid errors from occurring in the first place. In order to achieve this, management must be proactive at building these controls into their processes from the get-go.
A common preventative control is segregation of duties. Simply put, the approval, recording, and custody/handling components, should all be separate tasks. For example, an individual should not be responsible for both handling the cash (i.e. making bill payments) and reconciling the bank account. It is wise to have two separate individuals write and sign a cheque, or to at the very least have two signing authorities.
Another common preventative control is the requirement for written approval or authorization before a purchase can be made. Even using numbered cheques and invoices can help an organization keep track of expense and revenue items, which in turn, can aid in preventing erroneous, fraudulent, or fictitious incidents from happening in the first place.
Detective controls are a mechanism to catch errors after they have occurred. These controls help to ensure sound financial reporting in the sense that financial reports will be accurate and the company is not defrauded by internal parties. Sound financial reporting will make your investors happy.
When considering detective controls, management should think about their monthly meetings that are held. How often are you sitting down with your co-founders reviewing the budgets to actual and questioning variances? This is a form of detective control and can help the company catch errors after they have occurred.
For those start-ups who have a sound bookkeeping function in place, it is common to see bank reconciliations being relied on as another detective control. In this scenario, the accountant is looking to see if there are any unusual instances which have cleared the bank during the period.
Finally, to be effective, the controls need to be documented and communicated across the organization. The controls should be reviewed periodically and adjusted as necessary. Consistent application without exception will allow for effective use of the internal controls to best safeguard corporate assets.
To summarize, aside from sound financial reporting, building an internal control system will help your business become more efficient and effective. Internal controls will help your company prevent and detect fraud in a timely manner. It is management’s responsibility to ensure that adequate controls are in place. Why not get a head start and implement these systems now?
Matthew Blostein, CPA, CA