„All businesses – big or small – need effective internal controls. Failure to implement properly designed control measures can expose your business to operational and financial risks and losses. Weaknesses in internal controls can often be mitigated through implementing a combination of anti-fraud controls and/or slightly modifying existing business processes.”
Good internal controls help you manage resources and make sure operations are efficient and effective.
The following steps are sure to help you minimise risks and promote best practice at your business:
A business is a set of interrelated processes. A process is a set of activities that are interconnected or that interact with one another. According to Wikipedia, a business process or business method is a collection of related, structured activities or tasks that produce a specific service or product (serve a particular goal) for a particular customer or customers. The ‘customer’ can be internal or external.
Your core business processes are those different set of routine activities or operations you carry out in your business. Example of processes which are generic to most businesses are the sales process, treasury (and cash management) process, purchase-to-pay process, and human resources process. A business process can either be manual or automated. Identifying your core business processes will help you dictate how they operate, and ease your oversight function.
Control procedures are the policies and procedures that have been put in place to ensure that process owners and managers can take the correct action to ensure the business achieves its objectives. Procedures explain the how, why, what, where and when of any set of actions.
will go a long way in establishing a strong control environment in your business.
Documenting policies and procedures can help to clearly define business operations and establish best practice operating procedures. Documenting key controls in each of your business cycles (such as sales and receivables, treasury and cash management, purchases, and human resources) can provide transparency and consistency and allow for roles to be easily assigned to specific individuals.
Written procedures help train new employees by explaining why they need to do what is asked of them, and reduces the time taken to train them. Written procedures also reduce the margin for errors and help employees understand the business quickly.
Small businesses have recurring processes, just like large ones. Processes such as sales, customer service, marketing, inwards and outwards of stock, and human resources are generic to most organisations regardless of size. Using business process management (BPM) software is one of the ways to automate your processes.
Business Process Management (BPM) tools are built for tasks such as automation of work, tracking business performance, the execution and management of processes, collecting, sharing, and storing data, and combining real-time collaboration, just to name a few.
Business Process Management software helps businesses increase efficiency and decrease costs. The top processes automated by BPMs are:
In small businesses with limited human resources, it’s not uncommon for a single employee to be solely responsible for completing multiple tasks in a critical process. Reassignment of specific duties within a process to other appropriate individuals can significantly help to mitigate risks in many cases. Generally, assigning different people the responsibilities of authorizing transactions, recording transactions, maintaining custody of related assets, and reconciling accounts provides for more effective internal controls.
For example, the treasury process of approving invoices, preparing cheques, signing cheques and reconciling bank accounts should be carried out by different employees as much as possible. Likewise, different employees should be handling incoming cash and cheques, posting payments, making deposits and performing reconciliations.
Employees should not be granted more access to information systems than they actually need to perform their job responsibilities; access rights granted to employees should be limited based on the employee’s level and/or job requirements. As the employee’s workload expands, additional access rights may be granted.
All users’ access rights should be reviewed on a periodic basis to ensure that there is a legitimate business purpose for the access granted to each user. This will enhance the system of controls and security in place.
This involves oversight from either the owner, a supervisor, a third party, or a combination of those parties. The internal control system require your employees to do their job honestly and effectively, this is why this last step is crucial to the power of the control system. Without it, your employees can simply skip steps or worse, work together to circumvent the controls.
Businesses processes and controls are a means to an end, and not the end in itself. The end goal is to help you achieve the following: