Internal control is a very special phrase in the accounting profession. Tactically, it’s the set of processes that help a company produce accurate data throughout the organization, follow reporting requirements and laws, and maintain consistency and accuracy in its operations. Strategically, it’s an entirely new way of thinking and doing business.
Internal control helps to reduce organizational risk. A blunt way of putting it is internal control is what you put in place to avoid mistakes, intentional or accidental, and to control accuracy and quality. It impacts every aspect of an organization.
Here are some practical examples of good ideas that support internal control:
- When data is private and secure, provide access only to employees who need to know the data and restrict access of others.
- Have someone check that your bank balance matches the reconciled amount in your books. That someone should be different from the person who does the reconciliation. This is an example of segregation of duties.
- Lock up paper checks. Use the missing check number report to make sure none of the stock could be used for nefarious purposes.
- Have employees sign in and out equipment that they take home. This is part of asset management.
- Write and enforce a hardware and software use policy. Include items like employees should make sure their anti-virus software is active at all times. They should not bring in disks or CDs, and they should not download games or other unauthorized programs. This protects from computer viruses and helps to avoid catastrophic network failures.
There are hundreds of internal control procedures that can be implemented in small businesses as they grow into larger businesses.
Internal control is typically a big part of an audit or an attest function in accounting. It determines how many additional procedures an auditor needs to do in order to provide assurances about the reliability of the financial reports. It’s also just good plain common business sense to implement. Many internal control processes as are cost-effective for your business to protect it at the level of risk you’re comfortable with.