Five Components of a Good Internal Control System for Small to Medium Businesses

When we talk about “internal controls” in business, we’re talking about the systematic measures put in place in order to conduct operations in an orderly and efficient manner. Internal controls act to safeguard a company’s assets and resources, ensure the accuracy and completeness of its accounting data, detect errors, fraud, and theft and produce reliable and timely financial and management information.

UntitledSmall businesses sometimes neglect internal controls, if they think about internal controls at all. But internal controls for smaller entities can be put in place, though they are more likely to be informal and carried out by one or a handful of people.  However, a few managers enforcing control procedures in a top-down fashion can produce a good internal control system for a small company.

Here are five components of a good internal control system for smaller entities:

1)      The managers at the top should be committed to performing key internal control procedures diligently.  It’s management’s character that shapes the control environment (especially in a smaller company).

2)      Management should be performing daily walk-arounds, collecting feedback on the effectiveness of the company’s accounting and operational systems.

3)      One or more governance committees might be created and given “hands-on” oversight involvement in the business’s activities.  Committee members can be tasked with monthly, entity-level control duties, for example, reviewing and approving supporting documentation against checks written.

4)     Management personnel should communicate internal controls through frequent interaction with the accounting staff.  The performance of basic activity-level controls (such as determining that all orders have been shipped and billed, that invoices are initiated only after shipments are made and that bank accounts are reconciled), should be documented for periodic inspection by management.

5)      An ERP system that limits risks of errors or fraud can produce better and more accurate financial reports.  Standardized reporting formats, password and processing controls should be included in accounting software.

At Accountnet, we work with our clients to involve them in the design, implementation, operation, evaluation, and improvement of their internal control systems. We provide “Good Practice Guidance” (GPG) to ensure that a business’s professional accounting and reporting can be used to improve its internal controls.

Download the Microsoft Management Reporter 2012 FactSheet (PDF).