Risk Management on a Budget (Part 2)

Blog
September 4, 2012

Internal financial management threats can be difficult to predict since it is employees who could be be presenting a risk to the company.  Job rotation, flexible work schedule, and mandatory vacations can also reduce the cost of risk for employee-based losses.

Internal controls and processes can fill in gaps that could have been circumvented by employees.  Dual controls and separation of duties, when possible, should be a part of every accounting/finance function. These controls add marginal time to processing but increase data quality and reduce potential for loss.  Internal controls and procedures should be reviewed by all members of the finance department to ensure all team members buy-in and are aware of why the controls are in place.  Employees are more likely to follow procedures if they know why they exist.  With internal controls in place, management should perform random audits of the system to ensure procedures are being followed.

Business systems should be locked down in a similar manner.  An employee should only have access to system modules or screens that they need to perform their job duties.  There can be some flexibility here in environments with job rotation, but system accessibility should be enabled on a need-to-know  basis.  For those with full access, additional care should be taken to log off of the system when it is not in use, and to ensure the users lock their screens when leaving their desk (a practice all employees should have).  Financial reports should not be left in areas where others can see, especially in areas where visitors may frequent.  Check stock and banking information should also be kept in safes or other locked areas, and inventory should be kept to ensure no gaps in check number sequence.

A company can never be too safe keeping financial data private and secure.

See our posting on May 10, 2012 for Part 1.

Aaron Solar is a Senior Technical Consultant for Aronson Systems, and has served as VP of Technology for the Armed Forces Communications & Electronics Association (AFCEA), Central Maryland chapter, for three years.