top of page
Writer's pictureSonia Lee

Internal Controls for Small Businesses

Updated: Jun 19

Date: February 26, 2024

By: Sonia Lee Ng, CPA



man sitting in a control room

Even though the Sarbanes-Oxley Act of 2002 only applies to publicly traded companies, it has influenced all other companies to focus on the importance of internal controls over financial reporting.


The implementation of effective internal controls is crucial for small businesses to safeguard assets, prevent fraud, ensure accurate financial reporting, and promote operational efficiency of a company.


Key Internal Controls for Small Businesses:

Segregation of Duties: Its a fundamental internal control principle that involves dividing key tasks and responsibilities among different individuals to reduce the risks of errors, fraud, and misuse of resources. Assign different responsibilities to different employees to prevent any single individual from having control over an entire transaction process. Types of Duties: a. Authorization - the responsibility to approve or initiate transactions b. Recordkeeping - the responsibility to maintain accurate records of transactions c. Custody - the physical control or handling of assets or resources. Some Important Internal Control Categories: a. Controls over cash to prevent losses:

  • Review bank transactions and reconcile cash accounts on a monthly basis.

  • The same person cannot be in charge of the entire process.

  • Monitor POS transactions.

  • Include a remittance advice on your invoices so customers send their payments with that portion.

  • Use electronic transfer authorization to pay for the company's service or products on a recurring basis.

  • Reduce the amount of cash on hand by using banking, EFT payments, etc.

  • If your company maintains a petty cash fund, keep in a secured locked area, set a limit for expenses, prepare a registry or log to record petty cash transactions, require evidence and receipts for issuing cash reimbursements. Require approval of replenishment requests.

  • Establish policies with requirements for expense reimbursements.

b. Controls over inventory:

  • Inspect and count inventory when received and when dispatched, and issue a receiving report and a dispatch report.

  • Conduct physical inventory counting periodically.


c. Controls over data security:

  • Have personnel update passwords on a quarterly basis.

  • Educate personnel about cybersecurity threats, phishing emails, and establish policies on data handling.

  • Restrict internet browsing.

  • Maintain a password log in physical format in a secured and locked box in case you need access to computers in case the employee is no longer working for the company

e. Controls over accounts payable:

  • Review payments and vendor invoices for authorization and payment to whom it corresponds.

  • Use direct deposits for reducing risk of fraud in payroll.

  • New employees should be approved before adding them to the payroll system.

f. Financial controls:

  • Monitor operational and financial performance.

  • Maintain personal finances and business finances separately.

g. Human resources controls:

  • Perform criminal background checks before hiring new staff.

  • Require employees to have vacations, and delegate their tasks when they are on vacation. You may prepare standard operating procedures manuals so another employee may perform those tasks while the employee is on vacation. Limitations for Small Businesses Since small businesses may have a limited staff, it is challenging to achieve full segregation of duties. However, even partial segregation can provide significant benefits. a. To compensate the lack of segregation of duties, implement management oversight and regular reconciliations.

  • Authorization Procedures: Establish clear policies and procedures for authorizing transactions (Purchases, expenses, payroll, etc.) Implement an approval process that require authorization from designated personnel before transactions are executed.

  • Physical Controls: For assets such as cash, inventory, equipment (use of locks, safes, and restricted access areas). Conduct regular inventories and reconcile them with the accounting records to find discrepancies.

  • Documented Policies and Procedures: (SOPs) for key financial and operational processes need to be documented. Outline clearly the steps to be followed, roles and responsibilities, and approval requirements. Review and update them regularly as needed.

  • Regular Reconciliations: Bank accounts, accounts receivable, accounts payable, and other critical accounts should be reconciled on a regular basis. Comparison of accounting records with external documents should be made to identify discrepancies and errors on a timely basis.

  • Employee Training and Awareness: Provide employees with comprehensive training on internal control policies, procedures, and ethical standards. Educate your business staff on their roles and responsibilities in maintaining internal controls and detecting potential issues.

  • Management Oversight: Mechanisms for management to oversee and monitor internal controls effectively. Conduct periodic reviews and evaluations of control activities to ensure compliance and effectiveness.

  • Information Technology (IT) Controls: Its implementation will help protect sensitive data and systems from unauthorized access, alteration, or destruction. This may include: password policies, access controls, encryption, and regular system backups.

  • Segregation of IT Duties: System administration, network management, application development. To reduce risk of errors or fraud. Make sure individuals do not have excessive access privileges beyond their job requirements.

  • Monitoring and Review: Regular monitoring and review of internal controls to assess their effectiveness and identify areas for improvement. Conduct internal audits or engage external auditors to provide independent evaluations of control processes.


The implementation of these internal controls may help small businesses mitigate risks, improve operational efficiency, and enhance overall financial integrity. It's essential to tailor internal control measures to the specific needs and circumstances of your business while remaining compliant with relevant laws and regulations. Regular monitoring and periodic updates to internal controls are also critical to adapt to changing business environments and emerging risks.


If you have any questions or need additional information about internal controls for your small business, please contact us.


25 views0 comments

Comments


bottom of page