Most business owners would agree there are few things more important for a business than keeping its finances in order.
While owners juggle multiple responsibilities in running a business, it’s ultimately really all about the bottom line, isn’t it? Maintaining a profit is vital to your business, and management of your books is essential to the survival of the company. What is equally essential is taking steps to make sure you have the right controls in place to protect your business.
At Sassetti, our accountants and auditors are constantly examining the accounting records of both businesses and not-for-profits. We find that many accountants do a great job maintaining the books and helping to create budgets and forecasts. However, even in those cases, business owners, boards and management should still be cautious and aware of controls that can help reduce the risk of errors and fraud. The best CPAs can make mistakes. And dishonest accountants can cause serious harm to a business. Controls help mitigate both those risks.
Even the smallest organizations can take steps to ensure that there are checks and balances on the finances. Of particular concern should be the situation where you have one person managing all of your cash and bookkeeping, since there is little oversight. That person is likely to know those systems better than you do, and be able to conceal fraud if needed.
In these situations, we recommend implementing segregation of duties, if possible. The person accounting for customer payments should not be the same person recording vendor invoices. We also recommend that the person issuing vendor checks does not have check signing authority. Duties should be separated among employees who receive the cash, record the receipts, take the deposits to the bank and authorize write-offs. An employee should not perform more than one of these functions. Monthly bank reconciliations should be performed timely. We also recommend having the business owner, board member, or a member of management other than the accounting professional, obtain the bank statement with copies of cancelled checks in order to review and identify unusual vendors or transactions.
Reviewing key metrics, revenues, expense accounts, cash flows, variance reports, payroll summaries, and other data on a monthly basis may also help you identify problems and ask the right questions in a timely manner.
But what if you have good basic controls in place already? The next step would be to conduct a formal risk assessment. Think of all the ways your business or organization is, or can be, made vulnerable and identify ways that you can monitor and mitigate those risks. The analysis can start with fraud-related risks but should go beyond that and address matters like revenue concentrations, legal requirements, and changing social trends, among others. The task may seem daunting, but it is an integral part of creating a sound control environment.
As an additional benefit, having your finger on the pulse of your organization’s performance and related risks will also provide you with valuable information that you can use in key decision-making.