Safeguarding Assets With Internal Controls

Safeguarding a company’s assets involves implementing policies and procedures known as internal controls, designed to prevent loss, theft, or misuse. This framework focuses on ensuring the accuracy of financial records and maintaining operational stability. A well-designed system of internal controls provides reasonable assurance that a company’s resources are protected. The goal is to create an environment where assets are secure, financial information is reliable, and the business operates efficiently.

Core Principles of Internal Control

Effective asset protection is built on several principles that are applicable across all types of assets and business operations. These principles form a cohesive system that, when implemented together, reduces the risk of financial loss and operational disruption.

A principle is the segregation of duties, which involves dividing the responsibilities for a single process among different individuals. The objective is to ensure that no single person has control over an entire transaction from initiation to conclusion. For instance, the employee who approves purchase orders should not be the same person who receives the ordered goods or processes the payment. This separation of tasks creates a system of checks and balances, making it more difficult for fraudulent activities to occur undetected.

Another principle is the establishment of clear authorization and approval policies. This involves creating rules that dictate who has the authority to perform certain actions or approve transactions. These policies include setting defined spending limits for different levels of management and specifying who can grant access to sensitive assets. A common example is requiring a manager’s signature for any employee expense reimbursement exceeding a predetermined amount, which ensures that significant expenditures receive appropriate oversight.

Comprehensive documentation and record-keeping are also part of a strong internal control system. This principle emphasizes creating and maintaining a clear record of all business transactions and asset movements. Using pre-numbered documents, such as invoices and purchase orders, is a technique to ensure that all transactions are accounted for. This practice creates a verifiable audit trail, allowing for the review and verification of financial activities.

Implementing Controls for Monetary Assets

The principles of internal control are applied to the management of a company’s most liquid assets: cash, checks, and bank balances. For cash receipts, controls begin when a payment is received. Utilizing a cash register that produces a receipt for every transaction provides an initial record. Requiring that two employees are present to count and verify the daily cash totals before preparing a bank deposit slip adds another layer of security, and daily deposits limit the amount of cash held on-site.

For payments, or disbursements, strict controls prevent unauthorized use of funds. A common control is requiring dual signatures on checks exceeding a specific threshold, such as $5,000, to ensure large expenditures are reviewed by two authorized individuals. All vendor invoices should be approved to confirm goods or services were received before payment, and the use of pre-signed blank checks should be prohibited.

The bank reconciliation process is a detective control performed monthly. This procedure involves comparing the company’s internal cash records with the monthly bank statement to identify discrepancies, such as outstanding checks or bank errors. To maintain the integrity of this control, the reconciliation is performed by an employee who has no responsibilities related to cash handling, which is an application of the segregation of duties principle.

A petty cash fund requires formal controls. The fund should be kept in a locked box with access restricted to a designated custodian. To withdraw funds, an employee must submit an approved petty cash voucher detailing the expense. The remaining cash plus the sum of the vouchers should always equal the initial fund balance, and surprise counts can deter misuse.

Securing Inventory and Fixed Assets

Internal control principles extend beyond monetary assets to protect a company’s physical property, including inventory and fixed assets like equipment and vehicles. For inventory, a control is the implementation of a management system. A perpetual inventory system continuously updates inventory records for every purchase and sale, while a periodic system relies on physical counts to determine the inventory on hand.

Regardless of the inventory system used, conducting regular physical counts is a standard procedure. These counts involve physically counting every item in stock and comparing the results to the quantities listed in the accounting records. This reconciliation process helps identify discrepancies that could indicate theft or damage. The frequency of these counts can vary, with some companies performing them annually, while others with high-value inventory may conduct them quarterly or monthly.

For significant fixed assets, such as computers and company vehicles, asset tagging is a common control. This practice involves affixing a unique identification number or barcode to each asset and maintaining a detailed fixed asset register. This register should include information such as the asset’s description, purchase date, cost, and location. This creates a clear record of all company-owned assets, facilitating tracking and periodic verification.

Restricting physical access to areas where assets are stored is another control. Warehouses, supply closets, and server rooms should be kept locked, with access limited to authorized personnel only. In addition to physical security, establishing clear policies regarding the proper use of company assets is also important. These policies should outline the acceptable use of company equipment and vehicles, helping to prevent misuse and unauthorized personal use.

Protecting Digital and Intangible Assets

Safeguarding digital and intangible assets, such as customer data and intellectual property, is as important as securing physical assets. Access control and user permission settings are applied to protect this information. This involves creating individual user accounts and configuring systems so that each person can only access the data and applications necessary to perform their job. For example, a salesperson would have access to the customer relationship management (CRM) system but be restricted from accessing sensitive payroll systems.

A control for protecting digital information is a comprehensive data backup and recovery plan. This plan should include regular, automated backups of all important data, with copies stored in a secure, off-site location to protect against physical disasters. The recovery process must also be tested periodically to ensure that the backups are viable and that data can be restored in a timely manner after a system failure, cyberattack, or accidental deletion.

Implementing strong cybersecurity protocols is an aspect of protecting digital assets. These protocols include:

• Enforcing the use of complex passwords that are changed regularly.
• Implementing multi-factor authentication, which requires a second form of verification.
• Using firewalls to monitor and control incoming and outgoing network traffic.
• Providing regular security awareness training to help employees recognize threats like phishing and malware.