Every company is built on a foundation of internal controls. Companies witheffective and efficient internal controls are able to do more with fewer resources, obtain financing and build and maintain credibility with their partners easier. Businesses with poor internal controls open themselves up to numerous risks, including the unnecessary loss of resources, inaccurate financial statements, limited financing opportunities and even regulatory penalties.
At Smolin Lupin, we’ve helped businesses review, improve and maintain their internal controls for more than 60 years. We have an experienced and knowledgeable team of experts who are well versed in a wide variety of industries. That diverse set of knowledge allows us to speak your language and understand how your controls need to operate to meet your unique needs.
Contact us today to learn more about our services for internal controls evaluations. We would be happy to consult with you about your internal controls, their possible strengths and where you think they may need to be improved.
What are internal controls?
Simply put, internal controls are procedures and tools that your company puts in place to safeguard your resources and your business. They could be controls based on process, such as how duties are segregated or how documentation must be reviewed. They could also be physical controls, like video cameras or password-protected computers.
Ideally, controls should be part of a larger comprehensive strategy. Starting at the very top of the company, potential threats should be identified and controls should be implemented to protect against those threats. Each department should be given control objectives and those departments may need to come up with their own micro-level controls to meet those overarching goals.
Often, we find that companies don’t have comprehensive strategies. Rather, they have a series of one-off controls that have been put in place as a reaction to an earlier threat. There may have been a question about facility security, so cameras were installed. There could have been an incident involving work-hour manipulations, so time-in/time-out clocks were installed.
These kinds of reactive steps are good and it’s important to respond to threats. However, the point of internal controls is to proactively prevent threats from even occurring. That’s tough to do if you’re only retroactively implementing controls in response to a threat.
Our internal controls evaluations aim to identify threats before they happen. Once we’ve identified all possible threats, we recommend a series of controls to implement to manage or eliminate those threats. We review your internal controls to see where you’re sufficient and where you could benefit from improvement. We then help you implement the controls that have been identified as priority items.
How do we evaluate internal controls?
Our internal controls evaluations are meant to test the potential gaps in your system. We look for areas where the controls may be insufficient or are nonexistent. We sometimes fabricate a potential threat to see what would happen with your current system in place.
Some of the areas we may test include:
Segregation of Duties
This is especially important in your bookkeeping department and in any departments that handle cash, receivables and payables. It’s important to spread these functions out across multiple employees. If one individual employee owns this entire process, it’s possible that they could commit fraud and hide their own actions. When you segregate duties, that kind of threat lessens. We look to see how you segregate duties among various employees.
We look at how you rotate these functions through employees so they can spot-check each other’s work. We try to identify areas where individual employees have too much control or have the ability to hide their own mistakes or deception.
You probably authorize your employees to make purchases on things like office supplies, travel costs and other necessary business expenses. How do you authorize those expenditures? What verification process is in place to make sure the money was actually spent in the manner in which it’s presented?
We review your authorization and reimbursement processes to identify gaps. Perhaps you need another layer of review. Maybe you need better documentation of big-ticket items. Maybe an upgrade in software would close the loop. We recommend the best solutions and then help you implement them.
Where do your invoices, receipts, purchase orders and other important documents go once you’re done working with them? Are they scanned and kept in digital form? Or are they in paper form, locked away in a filing cabinet? If you needed to investigate a past transaction, would you be able to easily find the information you need?
Perhaps the most basic of all controls, physical security is also often the most important. Physical controls can include everything from security cameras to computer passwords to locks on your inventory closet.
We inspect these controls by digging into your process. We learn how you and your employees operate by watching security footage and even shadowing employees on the job. We then use that information to determine where there may be gaps in your system.
Do you keep a skeleton crew on third shift that can’t effectively monitor your inventory? Do employees leave their computers unprotected when they go on break? Are you missing cameras in key areas of your facility? These are the questions we seek to answer in our internal controls evaluations.
These four areas are just a sampling of some of the controls that we evaluate. Our goal in the evaluation is to make your business stronger, more secure and more successful. We’re more than just analysts; we’re your trusted partner, working hand-in-hand with you to grow your business.