Internal Controls Made Easy: Practical Steps to Reduce Fraud and Errors
“A lawyer with his briefcase can steal more than a hundred men with guns.” – Mario Puzo, The Godfather
I’ve been on a Godfather kick lately (as you can see) and it got me thinking: What is the biggest financial threat to businesses in today’s digital age?
No one’s stealing software at gunpoint, but there is a danger that comes from “inside the family”—fraud and financial errors lurking within your organization.
Before you brush that off, consider this: Even conservative estimates suggest that businesses hit by fraud see a 10.9% to 25% drop in total equity value. Meanwhile, surveys show that overworked accountants are making more errors than ever—at least several times a month.
But whether it’s $20k in mistaken allocations every month or a $2 million fraud, the result is the same: Lost money, shaken confidence, and a shattered reputation.
Internal controls are a way to avoid all of that.
Internal Controls: What are They, Anyway?
Think of internal controls as a system of checks and balances. No one individual, account, or entity should hold the keys to the kingdom with zero oversight.
The purpose of internal controls can be broken down into three categories, intending to:
- Prevent problems, crushing the snowball before it gets rolling
- Detect errors or fraudulent activity ASAP
- Correct the issue before it gets worse or happens again
Prevention: Stopping the Problem Before it Starts
Given the time, expense, and headache that fraud and error can cause, the very best practice is to keep both from occurring in the first place.
To do that, ensure your business employs:
- Segregation of duties – Fancy talk for: “Make sure no single person has too much control.” If one person writes the check, someone else should sign it. (Although you shouldn’t even be writing checks in the first place—there’s software for that now. But you get the idea.)
- Access control – Just like you limit access to certain parts of a physical office, the digital age demands even more stringent security. Certain files, folders, and programs should be access-protected so only authorized accounts can see and modify data.
- Cybersecurity awareness – Some 68% of data breaches result from human error, like an employee falling victim to social engineering attacks. Multi-factor authentication, encryption, and a strong training program can keep everyone on guard against digital threats.
Partnering with fractional accounting teams and financial leadership is another ideal way to deliver a fresh layer of prevention.
For example, as part of Quadrant’s fractional controllership service, we liaise with a third-party quality control team for a fully agnostic, non-biased review of your financial statements. Checks and balances—for you, and for us.
Detection: Identifying Fraud and Errors
Likely, you trust your team (and you should, that’s not the point of internal controls). But again, negligent errors are just as painful for stakeholders as nefarious fraud. So aim to catch both early with detection systems like:
- Proper paper-trailing – From leveraging accrual accounting methods to ensuring you leave a digital breadcrumb with every dollar, all money that goes in and out should be reconcilable on a financial statement.
- Modernized methods – Relying on petty cash and paper checks is like playing with fire. Save yourself the burns by leveraging digital platforms such as Bill.com and Stripe for built-in monitoring and tracking tools.
- Reconciliation procedures – Your financial statements are only as good as the eyes you have on them. Reconcile early and often to catch discrepancies and unusual activity as soon as possible.
Going digital is the real key here. Auto-syncing AP/AR with your general ledger, using e-checks and ACH electronic funds transfers… Not only do these steps save you time and expense, they leave an immutable trail that’s much easier to track.
Correction: Mitigating the Damage
So your prevention methods are staving off fraud. And your detection systems caught the errors early. But how do you move forward if an incident occurs?
Your response depends on the situation:
- Identify the cause – A post-mortem is needed to gather the facts. What happened? How did it happen? While you want to move quickly, you also need to address the core problem, not slap on a band-aid solution.
- Update policies and processes – With the data you’ve gathered, close the loophole. Redesign workflows, change software solutions, or implement new safeguards as needed to prevent the problem from ever happening again.
- Pursue legal recourse – If there’s evidence of fraudulent activity, seek legal assistance. It might hurt in the short term, but a transparent approach is the best way to rebuild trust and capital.
I can’t say it enough: Whether the issue was intentional or not, the damage done is the same. The goal is to prevent fraud and errors entirely; detection and correction are the backup plans.
Minimize Your Margin of Error: Bring in a Fractional Accounting Team
The idea behind internal controls isn’t to sow distrust amongst your team. As the Don would say, “It’s not personal, Sonny… it’s strictly business.”
In all seriousness though, here’s the unpleasant truth: a single mistake can wipe out a quarter of your company’s net worth. Mitigating that risk (along with the legal fees and stress that comes with it) hinges on your internal controls.
If you’re unsure whether those controls are up to snuff, Quadrant Advisory’s fractional financial leadership can help. Our CFOs and controllers offer tailored guidance and a “bird’s eye view” of your financial workflows so you can spot any loopholes—before fraud and error find their way in.
Curious how it works? Go ahead and ask me about our fractional services.
I might just make you an offer you can’t refuse.