On October 21, The Wall Street Journal ran an article titled, “Be Prepared for the Unexpected”. The article outlined a variety of steps that business should take to keep an unexpected event from turning into a disaster.
A few days later, Hurricane Sandy struck the East Coast with fury that we have not seen in a long time, leaving a path of death, injury, and destruction in its wake. For many business owners, the difference between rebuilding and closing is often decided based on recovery plans made long before calamity strikes. Is the data backed up on a regular basis, and stored remotely (or “on the cloud”)? Is there proper business interruption insurance in place? Have you thought through contingency plans?
Disasters come in many forms. There are the great big natural ones, like hurricanes and tornadoes. And there are the more business specific ones, like losing your computer records without having backed them up properly. Or a fire. Or employee theft. Either way, it can cause your business irreparable harm, and be something from which you do not recover.
Roughly 25% of small businesses fail to reopen after a major disaster, according to the Institute for Business & Home Safety.
But protecting your business from the unexpected does not necessarily require a great deal of time, money, or effort. It starts with written instructions describing how you business functions, who does what, a list of all your security passwords, and who your contacts are at key vendors. Throw in a robust program for backing up all your important data and computer records (and storing it offsite), and you are well on the way to recovery should the worst occur.
Business interruption insurance is another important feature of any disaster recovery plan. What happens if you can not reopen for days, or weeks?
In addition, you should thing about having enough cash on had to keep the business running for two to three months. While some new businesses may view this as a luxury, you need to have access to cash should sales dry up because of some unplanned problem.
Internal Control – Segregation of Duties
One of the basic objectives of good fiscal management is internal control. This is key in both the for-profit and not-for-profit world, where the board of directors has a fiduciary responsibly to ensure that the organization is run with proper controls and checks in place.
The proper segregation of duties, though basic, is by far the most potent tool that leadership has to prevent fraud and mistakes, as it ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business.
Segregation of duties provides two benefits:
- A deliberate fraud is more difficult because it requires collusion of two or more persons; and
- It is much more likely that innocent errors will be found.
At the most basic level, segregation of duties means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.
If a single person can carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities, they have generally been assigned or allowed access to incompatible duties or responsibilities. Some examples of incompatible duties include:
|An Employee who…||Should not…|
|Opens mail and endorses checks||Handle cash receipts|
|Prepares a document||Approve that same document|
|Handles cash receipts||Endorse checks;
Maintain petty cash funds;
Receive deposit slips or corrections from bank
|Prepares bank deposits||Receive deposit slips or corrections from bank;
Verify cash receipts;
Maintain petty cash fund;
Perform audit function
|Distributes payroll checks||Prepare payroll input|
Segregation of duties can be broadly classified it into the four categories:
- Recordkeeping; and
In an ideal system, different employees would perform each of these four major functions. In other words, no one person should have control of two or more of these responsibilities. The more negotiable an asset, the greater the need for proper segregation of duties. This is especially true when dealing with cash, checks, and inventories.
Authorization is the process of reviewing and approving transactions or operations.
Some examples include:
- Verifying cash collections and daily balancing reports;
- Approving purchase requisitions or purchase orders;
- Approving time sheets, payroll certifications, leave requests, and cumulative leave records; and
- Approving change orders, computer system design, or programming changes.
Custody is the process of having access to, or control over, any physical asset such as cash, checks, equipment, supplies, or materials.
Some examples are:
- Access to any funds through the collection of funds or processing of payments;
- Access to safes, lock boxes, file cabinets, or other places where money, checks or other assets are stored;
- Custodian of a petty cash fund;
- Receiving any goods or services;
- Maintaining inventories; and
- Handling or distributing paychecks, limited purchase checks, or credit cards.
Recordkeeping is the process of creating and maintaining records of revenues, expenditures, inventories, and personnel transactions. These may be manual records or records maintained in computer systems.
Some examples are:
- Preparing cash receipt back-ups or billings, purchase requisitions, payroll certifications, and leave records;
- Entering charges or posting payments to accounts receivable system; and
- Maintaining inventory records.
Reconciliation is verifying the processing or recording of transactions to ensure that all transactions are valid, properly authorized and properly recorded on a timely basis. This includes following up on any differences or discrepancies identified.
Some examples are:
- Comparing billing documents to billing summaries;
- Comparing funds collected to accounts receivable postings;
- Comparing collections to deposits;
- Performing surprise counts of funds;
- Comparing payroll certifications to payroll summaries;
- Performing physical inventory counts;
- Comparing inventory changes to amounts purchased and sold; and
- Reconciling departmental records of revenue, expenditures and payroll transactions to management reports