In a world consumed with data breaches, privacy policies and GDPR, it can be easy for you to feel slightly out of your depth when it comes to business risks and putting internal controls in place. While small businesses may face similar business risks to the big hitters, they tend to be a little bit more vulnerable as they don’t have the dedicated compliance personnel. This is why you should get to grips with creating foolproof strategies, and putting controls in place to use throughout your business, mitigating potential risks. By doing so, you can deter, detect and prevent those pesky disasters from happening! So what controls have you got in place to protect you from risks? None? TBC? That’s okay, we’re here to give you the top 5 small business risks and how to mitigate them.
So What are Internal Controls?
They’re basically the policies you put in place to prevent risks!
Identifying the most appropriate controls for your business is paramount. The controls are put in place, firstly, to safeguard the assets of your business; secondly, to prevent and detect fraud; and finally, to safeguard the investment of your shareholders or yourself as owner. As you can probably tell, there is a key theme here: they are designed to minimise risk, and tend to include procedures such as:
Segregating duties/tasks to specific employees
Storing key assets in a safe facility which is locked and protected.
Setting up passwords and protecting computer systems with security processes and security software.
Backing up your data regularly or using secure cloud storage.
Performing regular checks (reconciliations) on your petty cash, bank accounts and accounting records.
If you’re thinking, where do I even begin? Well, don’t worry, because we’re going to break down the steps your business can take to prevent any disasters. But first, we need to properly decide which controls will be the most beneficial to your company. So get your notebook at the ready!
1.0. Segregation of Duties
Basically, this means that no one person has sole control over a transaction. You simply segregate…your duties. So get your team involved! Make sure that your employees all have separate tasks/responsibilities.
If you separate tasks and assign them to specific employees, mistakes, intentional or unintentional, can be detected before they happen, and if it is fraud, the person responsible can be identified! Proper segregation of duties will ensure that different people are responsible for creating payments, authorising payments, recording what’s coming in and out of your account, maintaining custody of assets and checking account balances. If a single person is responsible for all of these tasks, then they could be in a position to conceal fraud or even do a runner – and that’s something none of us would want, right?
It’s also important to segregate your accounts! If you learn anything from this post, it’s this: please keep your business and personal finances separate. Doing so will make all transactions super clear to HMRC and your accountants! As a Limited Company this must be a business bank account. As a sole trader, it can just be another account to show the inflow and outflow of your transactions, saving you the trouble of having to explain a merged account to HMRC, where you’d then have to justify each individual transaction including the personal ones.
Similarly, if your clients decide to pay you in cash instead of by card or bank transfer, make sure that you bank this on a daily basis or every few days so that it’s not lying around to get misplaced. Is your business insured to hold cash at your place of work or home? Should it be in a safe? Don’t put yourself in a position of risk.
2.0. Petty Cash
As you may already be aware, petty cash is a system that keeps track of all of your small and miscellaneous business purchases made with cash. Sometimes these can be forgotten and often go unrecorded in your bookkeeping software. So where do internal controls come in? Well, a properly functioning petty cash system includes internal controls to ensure that all of your receipts and expenses are recorded and that the recorded balance matches the amount remaining in the fund! It could be a good idea to think about your tracking process. Do you currently document and keep track of your petty cash? Keeping on top of your transactions and recording every sum of cash entering and leaving your pot will stop you from adding unnecessary money. Doing it this way will allow you to see how much is left, and you can simply replenish whenever it starts to get low. Remember to include the date of the transaction and the vendor, and then recalculate your petty cash total by adding or subtracting the relevant amount.
Lock the box (but don’t throw away the key!)
Petty cash is not a free-for-all. You need to know where, by whom and for what purpose the petty cash is being used. You wouldn’t leave cash in a till unsupervised, and the same applies to your petty cash! So, ensure you have internal controls in place such as locking the cash away and only allowing access to a limited number of employees. Place the cash in a locked cabinet, drawer or, better yet, a safe! If you’re feeling extra vigilant then feel free to review who has access to this quarterly, and review your process. If you are spending lots in cash transactions, maybe it’s time to introduce business credit cards to your staff. It’s a good idea to get into the habit of tracking your petty cash too so that you can monitor your financial outgoings. You can do this by downloading our petty cash template.
While it might seem obvious, it’s always a good idea to document and create backups, so let’s break down how to start backing up your data, if you don’t do so already.
3.0. Backing up and Securing Data
There is a plethora of ways that data can be lost. Accidents do happen: laptops become damaged, lost or just stop working, and employees leave! Sometimes your data may also be stolen. Is your data valuable? Does GDPR affect you – are you keeping your data secure? As a small business, backing up data can sometimes be pushed down the priority list due to a lack of time, or resources already being stretched thin. However, the amount of time needed to implement an effective backup plan is minimal in comparison to the time it would take to recover all of your lost data, if that is even possible to do! How would your business look if you lost your records – could you even keep trading? Could you be in breach of GDPR rules? Could you be fined for loss of data under GDPR rules? A data backup plan has to be part of the standard operating procedure for a business of any size.
What is a 3-2-1 Back up Plan?
A 3-2-1 strategy basically means having at least 3 separate copies of your stuff! For example, you could have 2 copies which are held locally but on different devices, and at least 1 master copy which is locked away offsite or stored securely in the cloud. Whether you are backing up a Mac or a PC, having an onsite backup means you have instant access to your data if your computer crashes. If this were to happen, you would easily be able to get the majority of your data back, or you could link your external hard drive to a different device in the meantime to access your data quickly. So long as your external hard drive is fairly up to date, the risk of data loss is pretty small.
Having an onsite backup is great, but having an offsite backup is the key to a full 3-2-1 strategy. The problem with only having onsite backups is that keeping a backup near the device that it’s ‘backing up’ makes both copies susceptible to the same type of data loss. For example, if you have a backup on an external hard drive which is kept on the same desk and then a big flood comes along… both are wiped out entirely. We know this is an extreme case, and we don’t wish to be so doom and gloom, but these things do occur, and they definitely aren’t planned for!
Everything seems all well and good, right? Well, times are changing and at a rapid pace. So, it could be a good idea to get to grips with using cloud software to store data more efficiently. In today’s digital world cloud software can yield significant benefits as it allows unlimited storage. Most of the software available is completely affordable, with Dropbox and Google Drive being free of charge at a basic rate. You can literally drag and drop your files in the cloud and access them with a few clicks. You can also easily share access to a particular cloud area or to a particular document, e.g. sharing your Self Assessment data with your accountant.
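
One way to check a 3-2-1 plan automatically, as an added example that is not part of the original article: it confirms there are at least 3 copies, that the local copies sit on 2 different devices, that 1 copy is offsite, and that every copy has the same contents. The `Copy` record, the device labels and the sample file are assumptions made for illustration.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class Copy:
    path: Path      # where this copy of the file lives
    device: str     # label for the device or cloud account (assumed naming)
    offsite: bool   # True if kept away from the office or in the cloud


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_321(copies: list[Copy]) -> list[str]:
    """Return a list of problems; an empty list means the 3-2-1 plan is met."""
    present = [c for c in copies if c.path.is_file()]
    problems = [f"missing copy on {c.device}" for c in copies if not c.path.is_file()]
    if len(present) < 3:
        problems.append(f"only {len(present)} copies, need at least 3")
    local_devices = {c.device for c in present if not c.offsite}
    if len(local_devices) < 2:
        problems.append("local copies are not on 2 different devices")
    if not any(c.offsite for c in present):
        problems.append("no offsite or cloud copy")
    if len({sha256(c.path) for c in present}) > 1:
        problems.append("copies differ: a backup is stale or corrupted")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: temp folders stand in for laptop, USB drive and cloud."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = []
        for device, offsite in [("laptop", False), ("usb-drive", False), ("cloud", True)]:
            p = Path(tmp) / device / "accounts.csv"
            p.parent.mkdir()
            p.write_text("date,amount\n2024-01-05,120.00\n")
            copies.append(Copy(p, device, offsite))
        healthy = check_321(copies)
        copies[1].path.write_text("date,amount\n")  # USB copy is now out of date
        copies[2].path.unlink()                     # cloud copy has gone missing
        return healthy, check_321(copies)
```

In real use the paths would point at the laptop folder, the external drive and a locally synced cloud folder, and the check would run on a schedule so a silent backup failure is noticed before the data is needed.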
What about my backups?
One of the biggest issues that business owners face is creating solid backups and controlling these so that the daily operations of your business don’t get tampered with. Instead of dreading the tedious task of backing up, let cloud software simplify this for you through automation. You simply choose the files that you want to back up, schedule a time and a date, and the cloud will take care of the rest. Try to think of your files as investment capital. You want to limit your exposure should anything happen, by diversifying them. By opting in to cloud software, you are removing any physical or manual handling of your assets, meaning less management is needed, giving you more time to spend on achieving your business goals.
4.0. User Access & Rights
Within your business, you may have different employees within different areas such as finance, marketing, sales, HR etc. Having effective access processes is one of the most reliable ways to protect your data, business information, and property. Limiting employee access to specific areas makes it easier to limit error and to maintain data privacy. Protecting your data should be a top priority for business owners of all sizes. However, this type of protection doesn’t get the attention that it really needs. The consequences that business owners face are serious: fraud, data theft, financial penalties under GDPR rules and, not forgetting, angry clients. In 2018, 43% of businesses in the UK had fallen victim to cyber attacks or security breaches, costing each thousands of pounds.
The most common attacks involved fraudulent emails, scamming, impersonating employees, viruses and malware. Scared yet? Don’t be. As long as you implement your controls and remain vigilant you can mitigate many of the risks. In the digital age, the number of controls that you can implement online for your employees is extensive. For now, let’s break down the basics to get you going:
Antivirus Software: research the different software available and the ones which are the most compatible with your computer systems. To all of the Apple users out there, while MacBooks are generally more secure than Windows PCs, they aren’t immune. Business Insider claims that Macs are now more vulnerable to viruses and attacks than even Windows PCs. Fear not, there is a full directory of antivirus software available – all free of charge!
Firewall Software: a small business has a rather large and mixed bag of internal controls to choose from. Firewall software should be one of the basics. There are numerous free options available at your fingertips. Ensuring your employees have this on their computer systems should be a top priority. Doing so will protect you from being attacked by keyboard warriors, hackers, glitches and theft whilst also allowing you to set up online rules.
5.0. Financial Data Entry
Without accurate financial data, it will be harder to make fully informed decisions. Remember when we talked earlier about documenting your petty cash? Well, the same applies to your full finances. Standardising documents for each of your transactions, such as invoices, receipts, and expenses, will create consistency across your bookkeeping. It’s super important to record this data entry, but you should also make sure that you are using cloud accounting software. Platforms such as QuickBooks, Xero or other accounting software, which automatically password-protect and back up your information on the cloud, are probably the easiest to use to begin with. So you’re covered if your computer decides to spontaneously retire.
Get to grips with Reconciliations – Bank Accounts and Petty Cash
We know it sounds daunting, but a reconciliation simply compares your receipts and expenses against your bank statement. You may already do this personally on your own bank account so it could feel familiar to you.
Starting bank balance + receipts – expenses = closing bank balance.
Does that agree with the amount on your statement for the same date? If you have bank transactions that you have not matched to your accounting software then it won’t agree. These items, if they are prior to the dates you are reconciling to, will be on your bank statement but not in your accounts records yet. The same applies to reconciling your petty cash:
Does the amount match with how much cash you have left in your petty cash fund? If it all agrees then you have reconciled your account! Differences that prevent you from reconciling your account may identify errors or discrepancies in your records. If you can’t identify these yourself then we are here to help and resolve them with you. Most commonly they will be outstanding items in your bank feed but sometimes other errors occur. As your business develops (yes, we believe you’ve got this), further internal controls can be added to protect your business and make sure you are set to keep on growing while protecting the cash, assets and data of the business.
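
The bank reconciliation described above, as an added example that is not part of the original article: it applies the starting balance + receipts – expenses formula to the accounting records, compares the result with the statement, and lists the items that explain any difference. The function name, the record layout and the sample transactions are assumptions; matching on exact date and amount is a simplification.

```python
from collections import Counter
from decimal import Decimal


def reconcile(opening, ledger, statement, statement_closing):
    """Compare accounting records with a bank statement.

    ledger and statement are lists of (date, description, amount) tuples;
    receipts are positive amounts and expenses are negative.
    """
    # Starting balance + receipts - expenses = closing balance, per the records.
    ledger_closing = opening + sum((amt for _, _, amt in ledger), Decimal("0"))

    # Match on (date, amount); Counter copes with two identical payments in a day.
    in_ledger = Counter((d, amt) for d, _, amt in ledger)
    in_bank = Counter((d, amt) for d, _, amt in statement)
    return {
        "ledger_closing": ledger_closing,
        "difference": statement_closing - ledger_closing,
        "on_statement_not_in_records": sorted((in_bank - in_ledger).elements()),
        "in_records_not_on_statement": sorted((in_ledger - in_bank).elements()),
    }


def demo():
    """Constructed sample data, not real transactions."""
    D = Decimal
    ledger = [
        ("2024-03-01", "Invoice 101 paid", D("500.00")),
        ("2024-03-04", "Stationery", D("-42.50")),
    ]
    # The bank shows one card payment that was never entered in the records.
    statement = ledger + [("2024-03-06", "Card payment", D("-19.99"))]
    return reconcile(D("1000.00"), ledger, statement, D("1437.51"))
```

A difference of zero with both lists empty means the account is reconciled; anything left in either list is an item to chase up, whether it is a missing entry, an error or a payment nobody recognises.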
The best approach in reducing risks is to oversee and review your processes; in other words, review documentation, understand your employee tasks, back up your data and implement the applicable controls. As a business owner, you set the tone and the processes. By doing so, you’ll save yourself a lot of time when it comes to reviewing your financial reports, allowing you to focus on achieving your ultimate business goals!