Establishing internal controls in your accounting department is one of the most important aspects of running a business.

What exactly are internal controls?

Essentially, these are policies and procedures that ensure the accuracy and reliability of your accounting process. Without internal bookkeeping controls, you won’t be able to make sound financial decisions and your reports may have errors.

However, a large percentage of small business owners don’t have proper internal controls in place. They wait until the process becomes inefficient or they find themselves in a financial crisis before making any changes. That’s a big mistake.

The idea here is to set up internal controls that are scalable from the beginning. So as your business grows, you won’t be overwhelmed if you stick to the system.

Regardless of the age of your business or your current financial situation, I’ll explain how you can establish internal bookkeeping controls.

We can break these down into seven steps. Following this guide will help you prevent fraud. You’ll also be able to limit and identify accounting errors quickly and efficiently.

1. Prepare an Official Manual

The first thing you need to do is create a written accounting policy that outlines all your internal controls.

One of the most important sections of this manual will be the separation of duties. In short, this explains everyone’s roles and responsibilities for things like deposits, reports, audits, and bookkeeping.

Even if you have a startup or a small business, tasks still must be divided in a way that limits each employee from committing fraudulent acts.

For example, the employee who is responsible for accounts receivable statements shouldn’t be able to make changes to the sales log.

If you’re not sure how to delegate tasks, you can contact us for help. The CFOs here at Navitance write these policies for our clients.

2. Prepare a WISP

WISP stands for “Written Information Security Program.”

It’s required in the state of Massachusetts under 201 CMR 17.00, which was enacted back in 2009. The purpose of a WISP is to protect the identities and personal information of both customers and employees.

To be compliant your plan must meet the minimum standards of 201 CMR 17.

Make sure you review all the computer system requirements for your WISP as well. You can use the 201 CMR 17.00 Compliance Checklist issued by the Commonwealth of Massachusetts to help you with this process.

Some of the wording can be a little tricky. If you’re having any trouble or need some help, writing WISPs one of the services we offer our clients.

3. Perform Regular Audits

Don’t let the word audit intimidate you. I’m not talking about a bank or IRS audit for the last three years of your financial records.

I’m referring to a checks and balances system, which would be outlined in the official policy that we talked about earlier.

If you’re using an in-house bookkeeper, you should have an outside accountant review all your bank statements. They will look for any anomalies and inconsistencies.

Furthermore, you can conduct a physical audit of assets in your accounting system like cash, inventory, and materials.

Cash audits can be done daily, or even multiple times per day, depending on the type of business you have. On the other hand, inventory audits wouldn’t be as frequent. You could do this on a quarterly or annual basis.

4. Restrict Bank Access

Whether you’re using an internal bookkeeper or outside accountant, you need to make sure that they have limited access to your bank accounts.

Small business owners put a lot of trust in their employees. But I’ve seen so many instances where this trust gets abused.

There is no reason for you to take any chances when it comes to your finances. You might have an employee that makes deposits for you at the bank. This person cannot have full access to your account or make any withdrawals.

Set your bank access to read-only so funds cannot be moved.

5. Standardize Your Financial Documents and Procedures

It’s imperative that you have a standardized procedure for all your transactions. Set a process for invoicing, inventory receipts, travel expense reports, and everything else.

Establishing these standards now will keep your records consistent as you scale. This makes it less likely for things to be overlooked. It will be glaringly obvious if something is missing or done incorrectly.

For example, you should always obtain signed W9s from all new vendors PRIOR to the first payment being sent.

Months down the road you don’t want to ask, “Did we ever get a W9 from that vendor?” If you have a standardized procedure, you know the answer would be yes, since you wouldn’t issue payment without it.

6. Set Signature Authority Guidelines

I highly recommend setting a policy for certain amounts requiring dual signatures.

This will be for checks, wires and ACH transfers.

Implementing this policy will reduce the chances of fraud. You don’t necessarily need to require this for all checks, but you have the right to set this up for any amount.

With that said, the standard dual signature authority is usually $10,000 or more.

7. Protect Your Information

Earlier we discussed a WISP, which is put in place to protect the personal information of your customers and employees. You also need to make sure that your own information is secure.

Never share your logins for personal or company bank accounts with anyone. This ties back to restricting bank access; another one of our previous talking points.

Everything you do for online banking should be kept to yourself.

For digital accounting systems and POS software, each employee should have their own individual login. This will keep everyone accountable for their actions, and activities will appear on an audit log.

Make sure you stress the importance of keeping their passwords private. If everyone is using the same login, there is no accountability, which could lead to theft or fraud.


Every business needs to set up internal bookkeeping controls. As your business grows, your processes and principles will stay in place.

So, follow the steps that I’ve outlined above to ensure that your accounting controls are scalable.

For those of you who don’t have the time or resources to manage your accounting department, you might want to consider our outsourced bookkeeping services.

We can help you prepare a policy and make sure you’re compliant with state regulations as well.