Internal Controls are safeguards that ensure that your hard-earned money isn’t lost accidentally or worse, doesn’t walk out the door in someone else’s pocket. Basic internal controls include not sharing passwords or logins, separation of duties, and audits.
Unique Passwords
If money were to go ‘missing’ and all employees used the same password it would be impossible to determine the responsible party because the system’s audit log entries would be the same login shared by everyone making it impossible to determine who made the detrimental keystrokes. It’s imperative that every employee has their own ID/password for every system. There is no circumstance where passwords should be shared. This protects the business but it also protects the person in multiple ways, including not being blamed for something they didn’t do and from being ‘set up’ by a co-worker who doesn’t like them – yes, this happens. Additionally, when someone leaves their workstation, they should completely log out of the computer to prevent someone from going into the computer or a system under the credentials of the person logged in.
Separation of Duties
Separation of duties means that the same person taking the cash from the customer shouldn’t be the same person adding up the day’s receipts and determining the bank deposit amount. This keeps someone from pocketing cash and entering a smaller deposit than it should have been. Another separation that’s often overlooked is paying invoices. To save money businesses will have a single person opening the mail, receiving invoices, entering invoices, paying invoices, and approving/cutting the checks. Without oversight or separation of duties, an employee can create a fake invoice, with payment to them, and slowly steal money from the business. If you feel the need to run to your books and check if it’s happening to you, I would say run fast. The stats on how often this occurs without separation of duties is frightening. Therefore, having separate people for each of these tasks, and someone in authority to provide approvals for any cash spent, keeps everyone accountable.
Audits
Audits include counting cash banks employees have in their possession. I can tell you in my career I’ve opened someone’s bank to find an IOU lying at the bottom of the bank and all of the cash missing. Any employee who has cash in their possession, even managers at executive-level positions, should have periodic surprise audits to ensure the amount they were given is exactly what is in the bank at the time of the audit. You never want to tell them there will be an audit or when it will be because they’ll make sure all the money is there. You want the element of surprise! Any amount of missing money should be handled as theft and is best avoided with strong language in the employee handbook, on the standards and expectations of handling the bank. In addition, a document should be signed by the employee at the time the bank is received, outlining the standards and expectations, making any theft cases that involve the police and a jury easier to win. The same goes with inventory or any other item in the business, even laptops or equipment the associate uses. Inventory should be audited monthly as a part of the financial process, however, a surprise inventory audit is also recommended, with access to inventory tightly controlled and able to be logged (not by the same person accessing the inventory). Each piece of equipment should be ‘signed out’ to the employee in a new hire document which states they are responsible for serial number 02156123035 followed by the guidelines for usage. This is especially important if they are transporting their computer or even a thumb drive to and from work. Many companies have been hacked because of found or stolen equipment costing thousands or millions of dollars in loss (but that’s another article).
Having internal controls ensures your financial information is accurate and your business is compliant with laws and regulations. The owner or manager is often responsible for the oversight of the internal controls, however, many employees may be involved in the execution of the internal controls and a bookkeeper can advise on internal control opportunities within your business.
There are many internal controls that can be put into place to safeguard your money and protect your investment. Don’t delay!
