One underutilized accounting function that small businesses usually have never heard of is the internal audit function. While this article certainly will not be an scholarly treatise on the internal audit subject, we hope to provide a base of information for our small business audience to help them utilize these tools in their business practices.
What is internal audit?
According to the Institute of Internal Auditors, internal audit is a system geared to "provide independent assurance that an organisation's risk management, governance and internal control processes are operating effectively." The internal audit process involves businesses examining their internal operations in order to ensure operations are operating in an efficient manner, the risk of fraud and theft is limited to a very low degree, and functions are properly segmented in a business.
Typically, a small business will perform the internal audit function in the scope of three different performers:
1) The owner/owners performing internal audit processes. This may be the most practical option for most small businesses. Internal audit is a method of best management practices for owners to ensure their processes are operating efficiently and the opportunity for theft and fraud are kept to a low threshold.
2) Small business hiring an employee internal auditor. An internal auditor, properly speaking, would not be a member of the accounting department and would report directly to the owner/owners or an audit committee (of a larger business) if appropriate.
3) Contracting the internal audit function from an external firm. Accounting firms generally have CPAs (Certified Public Accountants) or CIAs (Certified Internal Auditors) on staff to assist clients with setting up an internal audit function or performing internal audit processes for a client.
5 Internal Audit Basics for the Small Business Owners
The following five items are some tips for small business owners to increase the optimization of their business practices:
1) Segregation of Duties: In its most basic form, the segregation of duties in a business should include the following three functions being performed by different employees: custody of assets (inventory, raw materials, etc.), approval of transactions affecting those assets (sales of inventory), and recording/reporting these transactions. If a business owner is not able to hire enough people to separate these functions, they should take a larger supervisory role in these processes to lower the chance of theft or fraud by an employee.
2) As your business grows, so should the amount of your written policies and procedures. As a part of the risk assessment for your business, you should discern which functions would benefit from written policies and procedures to reduce the risk of negative outcomes to the business. One of the first departments that should have written policies and procedures is the human resources department if your business is hiring employees.
3) Identify the risks to information and data loss. No matter what industry a small business is operating in, information and data are vital to its core operations. A business should have an ongoing assessment of the potential threats to their information and data. These threats could be the information being stolen or the data being lost. Investing in data security software and data backup systems are crucial to minimizing this potential loss.
4) Review your compliance policies and practices towards legal and tax laws and regulations. If a business is uncertain of all of its compliance requirements, it would be wise to contact an attorney or CPA to ensure they are meeting all of their requirements.
5) At a minimum, conduct an annual internal audit of all of your most important business and compliance objectives.
Cloonan & Associates, PC is widely versed in internal control development and effective internal audit performance. Please contact us if you are looking for more information on this business optimization process.