Each such byte focuses on a functional issue startups need to solve as they build their company, from idea to scale. In this edition, we speak about internal controls.
Having observed a number of companies across the financial services spectrum, and also diverse SMEs cutting through industries and business models (manufacturing / services / hybrid), we present here a Quick Five on the sine qua non of Internal Controls and Systems – irrespective of your scale or vintage (in fact, all the more reason for you to get about putting these in order the younger or smaller you are… wet clay is easiest to mould!):
The key to sustaining and growing your business is to successfully transition from people-driven processes to principles-oriented functioning. And the cog in this wheel is physically or virtually recording every transaction, every process converting into a revenue or cost item. However small the value of such transactions be, being about recording all matters concerning elements like cash, sales & receivables, vendor functions and human resources is critical. This not only drives responsible behaviour across all levels of employees, but also pushes you to standardise the record-taking action through creation of SOPs and the ilk – in turn, helping to manage change faster.
You can, of course, follow the 80:20 rule to determine which aspects to start documenting first (and to what detail) based on your identification of productivity drivers. But the general idea is you reach a stage where a close-to 100% coverage is achieved around the recording as well as the instructions on recording. And do not forget to give access to these expectations to the people responsible for action – supplemented with necessary coaching – so that the loop of responsible behaviour is closed.
If you operate out of several branches or have multiple touchpoints on transaction closure despite centralised operations, this one is for you. You can never err on the side of caution having at least two pairs of eyes validating every record – preferably, independently. Throw in different reporting lines and incentive structures into this mechanism, and you have the perfect potpourri to ensure a well-oiled control over your business. Not only does this minimise chances of error or fraud at place of incidence, but also facilitates fungibility of duties within a process. And yes, the principle is equally valid even if you are using technology to capture data or record transactions – with the Checker probably taking recourse to sample checks but doing it nonetheless! This way, you know how accurately and intuitively your automation is working.
If you keep an eye on things, you know when they go wrong – before the world discovers it. If you keep two pairs of eyes on things, you know how reliable things are – before a stakeholder (read, potential funder) flags it for you.
You are only as good as your recourse to free cash. And the first check to plug leakages is to ensure minimal lags between a transaction taking place, and it is reflecting in your accounting software. The longer this gap, be sure that the Scythe of the Fraudster is soon going to cause the death of your operations; perhaps, of your business too in the long run. As a small or young institution, it is fine to not have a core ERP coalescing your operations and accounting seamlessly. As any institution, it is not fine to have weeks go by without being able to comprehensively push your company’s income statement and balance sheet of the previous month to your stakeholders. Why the balance sheet too? Because that is what determines the sustenance of the operating numbers you report… the funding sources and assets you are using for your core business.
Be unable to churn this basic output for your stakeholders, and lose precious brownie points you could have accrued out of enhanced transparency and improved confidence they could have had in the integrity of your systems.
If you have ever had to make a 5-minute sales pitch, you know the value of presenting in a coherent, sequential yet crisp manner every possible important data! Easy to wrap up the ask in a few words here, but what it implies is you must invest in some form of MIS to not only assist the data-cleaning and sorting job, but also go a step further in helping with presentable tools. Based on the complexity or scale of your business, you may choose to start with the versatile MS-Excel or jump right into more networked resources, but what each of these tools does is provide means to disseminate data in context! Do not underestimate its worth; see that user access and authorisation rules are well thought through, to retain the relevance of data access and minimise errors / frauds. Dedicate some resources to meaningfully – and periodically – share snippets of performance (across business, audit, risk, supply chain and every other function) with the management and Board.
If you have gotten into the habit of synopsizing your data for internal consumption, sales pitches are a catwalk.
Now that you have made data capture and presentation your DNA, you have your internal control framework fitted to a T! But if you want to be able to separate the weeds of inefficiency from the crop of rigour, regularly harvest your system and allow it to ‘lie fallow’. While regulation and competitive landscapes do force a company to work towards process efficiencies, such reactive measures often fructify too late in the day to really contribute to cutting-edge, secure business. Let the introspection element be built into your system: simple acts like process/transaction walk-throughs, review of audit journal entries, etc. can work beautifully in monitoring the effectiveness of control measures.
In addition, if there are annual or biennial pauses that you can plan in your functional domains, you may just come up with trajectory-changing revelations. Agreed, everyone may not be game for stopping entire chains of business from running. But small taskforces focused on playing the devil’s advocate and dissecting existing norms on an ongoing basis do not harm operations! Try it out.
Internal Controls are only as strong as you want them to be. They are only as responsive as you structure them to be. And they always require a tough stand to be taken by the management to effectively transpire. Decide what are the arteries of your business; start with building your internal controls framework to support them. This itself will be half the battle won.
Start early is the key lesson here. Let us know if you have questions or feedback. Reach out to us on info@caspian.in.