When launching and managing a business, there are various priorities for entrepreneurs to balance – and of course, business survival is the first. Providing a suitable bank account is set up and a decent small business banking team is in place to manage it (usually at the bank itself rather than within the enterprise), it is easy to overlook the process of creating internal control procedures for finances, instead leaving the oversight to the experts.
However, even if a business doesn’t have a designated accounting specialist in-house, the use of internal controls is imperative for safe, competent and ethical financial management.
A popular misconception around internal controls and procedures managing business finances is that they don’t need to be implemented and managed until a company is publicly listed – but in fact, it is beneficial for businesses of all sizes to ensure their in-house finances are in ship-shape without relying on external parties (i.e. the bank) to do this for them. In several high-profile cases, this has proven to be not just beneficial, but business critical.
Internal controls of business finances can be as extensive or basic as a company wants or needs, but there are some foundation areas that all should cover. These include (but are by no means limited to):
Ensuring that responsibility is separated amongst individuals to protect all parties, as well as to prevent and detect errors, irregularities or issues.
Making sure that every transaction made is properly verified and authorised by the correct party in-house, in keeping with internal guidelines.
Ensuring that every financial activity has a paper trail and can be audited. This protects the business’ assets and gives clear indication of how and why activities are undertaken.
Procedures and policies are followed to best meet business objectives. This avoids invalid, unnecessary and excessive transactions or purchases and can provide legal and governance compliance.
Checking the validity of financial records; balancing the books before they’re transferred externally and giving a good overview of business performance.
The finances of a business can cover everything from staff expenses and petty cash right through to large procurement, reinsurance, and credit agreements both in and out of the company. While of course there are third-parties and external software providers that can make such everyday financial management easier for all involved, there must also be an internal onus on such management as a security measure.
Arguably, SMEs are more at risk of fraud as those looking to commit fraud know they can be targeted easier than larger corporations. Indeed, experts warn that not implementing at least basic internal controls for finances is like ‘leaving the door open’ for fraudsters to enter, putting businesses at risk of not just crime from external sources but also employees. What’s more, a lack of decent internal control procedures could mean that should the business fall victim to crime, it may not be recognised right away.
The lack of oversight that a lack of internal controls creates also puts the business at risk of ignorance as to their own finances. A business owner will be unable to identify issues and will never know if their financial information is complete, accurate or reliable. Efficient and optimised internal controls around finances can help prevent errors occurring, but also can aid in the early detection of any potential problems to minimise their impact.
One high-profile example of internal control procedures’ critical nature to business security is at one of the world’s largest banks, RBS. RBS were fined £450,000 by authorities in 2014 when it emerged that their lack of careful internal control procedures allowed one of their own staff to hide losses worth tens of millions of pounds. An employee within the Emerging Markets team was able to enter and amend records within the internal controls system to cover up numerous failings. It’s unlikely that many small businesses would able to field a hit of £450,000 as RBS did, but this pales in comparison to a similar fraud just 7 years prior, when a rogue trader at Société General walked away with the equivalent of £3.6bn, covering his tracks easily due to the outdated internal controls for finance that the bank had in place.
It is noticeable that both of the above examples involve employee fraud and, of course, no business hires a workforce expecting such betrayal. The implementation of internal control procedures safeguards employees as well as employers – creating a transparent environment of operations and clearly outlining roles, responsibilities, and actions.
There are numerous reasons why businesses don’t have internal controls for their financial activity in place. In a busy and ever-changing social, political and financial climate, small and medium businesses certainly have a lot on their plates. With senior management working constantly on strategic issues, tactical market approaches and business development; all alongside ‘business as usual’ work; time is often scarce. Indeed, anyone working on, in or for an SME will understand that a lack of resources is commonplace; business survival and often ‘just getting by’ takes priority. Yet the risks of not having adequate protection in place from internal control procedures are clearly not understood, as it is obvious to those who are ‘in the know’ that the implementation of controls are business critical.
Even if the inordinate risks of not having internal control procedures in place are recognised by the business, it is understandable that the time, complexity and resources involved in setting up such systems is the stalling point for many.
It is easy to lay blame on one area of a business or another for not having set up internal financial controls from the company’s inception, but it is no glaring abnormality in the world of smaller enterprise – but rather, sadly, a norm that must be challenged and overcome.
With rumours of the UK legal requirements surrounding internal controls and assessments having long circled, even industry giants Grant Thornton now agree that theDepartment for Business, Energy and Industry Standards (BEIS) are likely to propose further audit reform; and this could see some businesses err on the side of caution; avoiding implementing proper controls until they are sure of the implications and new requirements.
Implementing internal controls is no small job and should be carried out with a meticulous – and well qualified – eye. Where policies are already in place, they should be reviewed regularly, and once policies and procedures are created, they must be implemented and all relevant parties trained on them. As part of this, management needs to be able to ensure that the necessary controls are being followed at all times.
All current accounts, outgoings and incomings, financial management systems and credit options must be understood, as well as forecasts for expected and hoped business growth. Unless a company is planning to operate stagnantly, the financial picture will change over time, and so systems and protocol implemented must allow for adaptation to developments and pivots, whilst still remaining legally compliant (and ideally, compliant with best practice measures too).
Yet of course, as above, it is well known that many business owners simply don’t have the time, resources, expertise or inclination to implement proper internal controls, so it simply doesn’t get done. While a business may be able to survive short-term without such internal protocol in place, it is absolutely imperative for its wellbeing and growth opportunities that these are set up and managed properly as soon as possible.
Realistically, unless a business has an existing member of staff with a great degree of financial expertise and a lot of time on their hands, the creation and implementation of internal control procedures may be something they have to hire a new employee externally for. However, financial experts of this gravitas and level don’t come cheap, and realistically, an SME may simply not require the full-time services of a financial manager.
This is where Finance Equation Ltd bridges the gap between specialist staff and small enterprise. Offering their pool of the UK’s leading Financial Directors as part-time hires allows smaller businesses to reap the benefits of a competent and experienced financially-aware mind to join their team and shape their firm without the associated excessive wage bill.
Having already worked in and for businesses of all shapes and sizes, a part-time Financial Director will not just be able to guide and advise on internal controls for business finances, but also to create and implement them alongside consistent and efficient reviewing measures. Their varied experience allows for internal controls to be moulded to fit a business’ idiosyncrasies, goals and ongoing development, whilst ensuring all safeguards and necessary legal requirements are in place.
What’s more, the external hire of a fresh mind to the firm can bring it with new perspectives, ideas and networking opportunities – allowing existing business leaders to focus on the survival and growth that so desperately needs their ongoing attention. With the financial foundations laid, protected and reinforced, the business can go on to build and flourish upon them.