by Heidi M. Wendel, CPA, CFE
In business, at home and in our communities, we regularly run into “controls” or “rules” that provide safeguards. Whether it’s a computer password, a work identification badge, a driver’s permit or a fence around a swimming pool, these safeguards offer measures that can help protect privacy, personal safety, legal compliance and a shield from criminal activity.
Every good business employs checks and balances – internal controls – to assure that operations are effective and efficient, financial reporting is reliable and compliance with laws and regulations is followed. In particular, internal controls protect both owners and employees from financial loss or allegations.
Examples include segregation of duties or, separating financial functions and responsibilities to assure that adequate checks and balances are in place. It is important not to allow a single person to control all financial duties such as receiving cash, processing payments, purchasing, overseeing payroll and reconciling bank statements. Segregation could include an owner receiving and reviewing a bank statement before it is passed on to the bookkeeper for reconciliation, or that checks are prepared by one person but reviewed and signed by another. A checklist of the most common examples of segregation of duties is highlighted below (see sidebar).
In many operations, especially very small businesses, it is common for one person to carry out many duties, including many financial functions. It is also common for a business owner to trust their staff and hesitate to ask questions, or to defer making changes because it doesn’t seem convenient. Yet, setting up and maintaining internal controls isn’t about lack of trust but, rather, good business practices, future growth and protection for the business, the owners, the board and the employees. Smaller businesses can achieve adequate internal controls without too many roadblocks by balancing human resources, financial functions and segregation of duties.
Organizations should regularly review their internal controls to make sure that they are sufficient to meet the organization’s current needs and are working as designed. As businesses grow, operations change and past practices may not be effective for the future. An evaluation will: 1) Identify the organization’s control objectives; 2) Review policies, procedures and documentation; 3) Discuss controls with staff involved; 4) Observe the control environment; 5) Test transactions as appropriate; 6) Share findings, concerns and recommendations; and, 7) Determine that corrective action is taken on weaknesses.
Internal controls go beyond safeguarding an organization from financial loss. They can also assist in maintaining reliable financial reporting and maximizing effective operations.
Heidi M. Wendel, CPA, CFE joined Dennis, Gartland & Niergarth in 1994 and became a partner in 2007. She oversees the audit department and government/nonprofit team at Dennis, Gartland & Niergarth and brings 20 years of experience working with nonprofit organizations, schools, agribusiness, cooperatives, governments and businesses throughout northern Michigan. Heidi is a member of the American Institute of CPAs, Michigan Association of CPAs, Michigan Government Finance Officers Association and Michigan School Business Officials, and serves on the MACPA fraud task force.