This is the last in an 8-part series especially for new subscribers to the Creative Finance & Management email newsletter. Every week we are sending you an article aimed at helping you to think about a different aspect of the financial management of your business. This is in addition to the normal bi-weekly newsletter. We are doing it to give all new subscribers the same orientation to the way that Charis FD thinks about small business performance management. That way we can have confidence that all our subscribers have been given the benefit of foundational advice in all aspects of business performance management.

If you missed any of these articles, don't worry. They are on the Creative Finance & Management blog. Just look for the "New_Subscribers" tag.

These are the articles in the New Subscribers series:

1. The ingredients for success in Finance
2. Strategy and Planning
3. Business Change - implementing your strategic plans
4. Measurement and Management go together
5. Paralysis without analysis
6. Your Finance team - a valued asset
7. Stakeholder management - the importance of keeping people happy
8. Internal Control - 3 fallacies that add risk to your business

Here we go again: ...

---

Internal Control - 3 fallacies that add risk to your business

Fallacy number one - internal control is boring. Ok, so that's not a fallacy! Internal control IS boring in my opinion. Some of you may even be saying, "What is internal control anyway? Certainly sounds like something boring. Sounds like something that big companies with big auditors might be interested in. But not me!"

No! Please don't switch off, don't close this window and read no further!

Saying that internal control is boring is a bit like a train driver saying that railway tracks, signals and points are boring! He's right, they ARE boring! But if someone doesn't provide those key controls then the train's going to crash. In fact it won't even get going very far.

The same is true in business with internal control. Without controls, your business is going to crash unless it is unfeasibly lucky. So listen up, this will save you much pain.

Fallacy number two - internal control is technical and complex. It certainly can be, but for a smaller business it doesn't have to be.

Internal control is really all about safeguarding the assets of the business, including its cash. And just like safeguarding the assets of your home, mostly it's common sense.

So you could have physical controls, like locks on the premises, access control systems, putting your money in a safe at the end of the day, keeping confidential documents in a locked cupboard, etc.

Authorisation controls are another type of controls. Particularly important when you have employees, these controls just ensure that people get permission from another more senior person (maybe yourself) before they go ahead with something. It may be signing a contract, making an offer to a prospective customer, buying things, or paying for things. Like I said, common sense.

But have you considered that there are certain things that the same person should not be responsible for? These controls are referred to as "segregation of duties", and are mainly geared to avoiding the opportunity for fraud. For instance, if your bookkeeper opens the post in the morning, banks the money received in the post from customers, records the receipt in the accounting system and performs the bank reconciliation, then they have opportunity to make all the right entries in the accounting system but pocket the money themselves. It would take you months to uncover it.

Or another common example: A purchase ledger clerk who is able to set up new suppliers on the accounting system, record purchase invoices and make payments to suppliers, could easily set up a fictitious supplier, record a fictitious invoice and get them paid. Similarly with payroll - don't let someone set up new employees if they are the ones running the calculations and/or making the payments.

There are also review controls and reconciliation controls. These are very important too. Review controls just mean you, or someone senior, looks over something (like a bank statement) to see if they see anything unusual or suspicious. Then they sign it to evidence that they looked at it. Reconciliation controls are really accounting controls. They give comfort that the entries in the accounting system are grounded in facts verifiable from external evidence. Proper reconciliation and review controls make fraud very difficult.

So the simplest reconciliation control is the bank reconciliation. Any person with any experience in finance, from your bookkeeper to your FD, will tell you that this is the most fundamental. In it you are showing that the bank balance showing in your accounts reconciles to your actual bank statement balance. It probably won't agree to your statement, because you may have written a cheque that has been recorded as a payment but not presented by the payee yet. That's why we say that it "reconciles". Reconciling items are adjustments that need to be made to show that the accounts reconcile to the external evidence. If those reconciling items don't make sense, perhaps because they are too old, then something may be going wrong and further investigation is required.

You can do a reconciliation wherever you have external evidence. So the bank reconciliation relates to the bank statement. You can also do supplier statement reconciliations to give comfort that all purchase invoice entries and supplier payment entries in your accounting system are correct.

Fallacy number 3 - it's something to leave to my FD and my auditor. Your auditor may check up on internal control once a year in order to get comfort that they can sign off their audit opinion on your accounts. Your FD (if you have one) is probably the one to whom you have delegated the worry about it.

But internal control, legally, is the responsibility of all directors - with joint and several liability. So it is something to work together on, supporting each other.

The thing about internal control is that it is restrictive. It says to your employees that they have to go through certain hoops before they are allowed to do things, or they have to put a signature on something to say they've done something, or they have to do things a certain way. In a lot of cases, though, employees just want to fulfil their main objective - to make the sale, to finish the batch quickly, to stock the shelves, or whatever. They heave a huge sigh, knowing that Finance has said they have to count, sign, go and get a manager, etc. They may rebel because they can't see the purpose.

I have seen businesses lose lots of money because the directors left Finance isolated in those situations. They didn't see control as a collective responsibility, and they shunted the control issues to the bottom of the management team agenda (which they hardly ever got to).

Conclusion: Internal control is important. I would encourage you to think about what procedures you need to put in place to protect your business assets and cash, and to make sure that all your information is accurate. Listen to the advice of your auditor, accountant and bookkeeper. As the business gets bigger and you delegate more and more authority, the more structured you will need to be.

But please don't write off the issue as boring, otherwise your business will pay eventually.

---

If you want to talk to us, we're quite happy to give you a call to talk more about your business and the challenges you face. And you may be eligible for a free Finance Strategy Review session. To set that up either email us at enquiries@charisfd.com, remembering to leave your phone number and email address; or go to our website and complete the contact form.

Thanks again for subscribing to Creative Finance & Management. We hope you find it helpful.

© Charis Business Consulting Limited 2009