Accounting Internal Control Review

Accounting controls are designed to help ensure safeguarding of assets and reliability of financial records. Accounting controls also directly affect the transactions recorded in an accounting system. Accounting controls may be divided into two subcategories: general controls and application controls. Examples of general controls include computer access, backups, and security. Application controls are those that relate to a specific module of the accounting system. For example, when entering accounts payable invoices into an accounting software application, an application control would “validate” the invoice number field to help ensure that the invoice has not already been entered into the system. Many small businesses use off-the-shelf accounting software, such as Microsoft® Office Small Business Accounting 2006, which we will use for our examples of application controls.

Every small business owner should be constantly aware of important numbers that can be used to run their business. Many accounting solutions provide a digital dashboard as a one-stop snapshot of the business’s financial health. In Figure 1, Office Small Business Accounting 2006 provides summary reminders (things that need to get done) such as Vendors to Pay Today, Overdue Customer Accounts, and Cash Flow

While having strong internal controls procedures in place might be considered a requirement for medium and large businesses, it is no less important for small businesses. According to the 2004 Report to the Nation, issued by the Association of Certified Fraud Examiners (, 48 percent of theft and fraud occurred in small businesses with fewer than 100 employees. The median loss was US$98,000. Thirty-three percent of all fraud involved billing schemes, and 33 percent involved check tampering. Overall, nearly 93 percent of all frauds were related to asset misappropriation. With these kinds of numbers, don’t you think small business owners should begin thinking more about internal controls?

The greatest hindrance to small business owners around achieving effective internal controls includes limited resources and time pressures that often force owners and managers into “putting out the hottest fire” and leaving little time for planning. However, in the absence of clearly defined entity objectives, the effectiveness of internal controls will be greatly limited. Accordingly, as a prerequisite for effective internal controls, it is incumbent on small business owners and key managers to clearly identify those objectives that warrant investment of company resources. Only after these objectives have been defined and documented can effective internal controls be developed to mitigate risks.