top of page

Internal controls


These are the policies and procedures companies use to protect assets, improve operating efficiency and ensure reliable financial statements. A strong system of internal controls, including fraud training programs and whistleblower hotlines, is a company's first line of defense against fraud. Other examples of internal controls that minimize fraud risks include:

  • Restricted access to physical assets, including locks, passwords,   electronic   surveillance   and  security systems. 

  • Formal job descriptions,  codes of conduct and employee manuals

  • Mandatory vacation and job rotation policies

  • Segregation   of duties,   such   as   record  keeping, authorization and custody over assets

  • Duplicate signatures on checks above a preset dollar amount

  • Monthly bank reconciliations and physical inventory counts


  • Background and reference checks on prospective job candidates

  • Have bank and credit card statements mailed or emailed to owner.  Owner then provides statements to bookkeeper (if bookkeeper reconciles the statements) 

  • Annual (or surprise) audits conducted by owners, internal auditors or a CPA firm.


Internal controls can be intentionally circumvented and thus are less effective if managers override the system or become lax in supervising subordinates. These loopholes undermine a company's efforts to detect and prevent fraud

bottom of page