4 Critical Reasons Startups and Smaller Organizations Need Internal Control
I often hear from practitioners that many of their small business and startup clients lack an adequate and effective system of internal control. In fact, the Association of Certified Fraud Examiners’ recent Report of the Nations on Occupational Fraud and Abuse found that small organizations implemented anti-fraud controls much more sparingly than larger organizations. Additionally, the report found that the median loss incurred by small and large organizations due to fraud was the same, but that the impact on smaller organizations was much greater due to their smaller size. Since small companies such as startups are often hit hardest by fraud, it is critical that they develop adequate anti-fraud controls at their organizations. Outlined below are a few of the many significant benefits of a strong internal control system.
- Internal control can help prevent fraud. Of all the advantages, implementing anti-fraud measures is among the most important steps for startups and other small organizations. The typical organization is estimated to lose 5% of revenues annually to fraud, according to the Association of Certified Fraud Examiners’ Report of the Nations on Occupational Fraud and Abuse. The median loss for frauds covered in the study was $150,000. At the same time, undetected issues in processes can mean product losses or lead to product errors. Proper internal controls can prevent fraud from happening or raise red flags when it does. They can also help spot unintended errors that may have costly consequences down the line or simply reduce efficiency.
- Internal control can protect your reputation. Organizations with strong reputations that are known for quality operations and products or services benefit in many ways, including enhanced customer and employee loyalty and higher brand equity, to name just a few. Conversely, those that experience embarrassing internal thefts, recalls or legal or regulatory compliance issues can suffer from sales and market declines and other consequences. Preventive controls head off these and similar problems before they occur, while controls designed to detect issues can spotlight where problems are happening.
- Internal control is good for profits. Suitable internal control helps ensure that processes are performed correctly, and if they’re done right the first time, there’s no need to repeat them or address the problems caused when they failed initially. Greater efficiency and productivity inevitably lead to higher profits, as does the chance to spot and address quality issues throughout a company’s processes.
- Internal control helps business owners and managers understand where they stand. Internal control is a process that management uses to design and operate controls to provide reasonable assurance that their identified objectives will be met. When those objectives are met, the organizations have greater assurance that they can rely on their financial reporting for a fair picture of how their business is performing. Without that internal control process supporting their financial reporting, they will also be less likely to spot threats and weaknesses within their organizations, identify and harness opportunities and feel confident they have the information they need for successful strategic planning.
Internal control is at the center of the work of Committee of Sponsoring Organizations (COSO), an organization that, among other things, develops frameworks and guidance on enterprise risk management, internal control and fraud deterrence. You can find the COSO Internal Control—Integrated Framework and numerous other tools in the guidance section of COSO’s website. You may be interested in the COSO’s Fraud Risk Management Guide, that recommends ways governing boards, senior management, staff at all levels and internal auditors can deter fraud in their organizations. You can also review a free executive summary.
The AICPA Enhancing Audit Quality initiative also offers a variety of tools that can help improve audit performance, which includes a consideration of an organization’s internal control. In addition, the AICPA COSO Internal Control certificate program, consisting of self-paced learning and live interactive training, can help organizations and individuals reinforce their knowledge in this important area.
Chuck Landes, Vice President- Professional Standards and Services, American Institute of CPAs.
Employees at startup image courtesy of Shutterstock