What is segregation of duties and why is it important?

Segregation of duties (SoD) ensures that no single individual has control over all phases of a transaction - authorisation, recording, and custody. This reduces the risk of fraud and errors by requiring collusion between multiple people to circumvent controls. For example, the person who approves invoices should not be the same person who processes payments.

How often should internal controls be reviewed?

Internal controls should be reviewed at least annually as part of the audit process, but ongoing monitoring is recommended. Key controls should be tested regularly throughout the year. Reviews should also occur when there are significant changes to processes, systems, or organisational structure.

Do small businesses need formal internal controls?

Yes, though the formality and complexity should be proportionate to the business size and risk profile. Even small businesses benefit from basic controls like segregation of duties, authorisation limits, regular bank reconciliations, and documented procedures. As businesses grow, controls should be formalised and strengthened.

Book Free Assessment Calculator

Internal Controls

Also known as:business controlsfinancial controlsorganisational controls

The processes, policies, and procedures implemented by an organisation to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.

In-Depth Explanation

Internal controls are the mechanisms that organisations use to safeguard assets, ensure accurate financial reporting, promote operational efficiency, and encourage compliance with laws and regulations. They form a critical layer of business governance and risk management.

Categories of internal controls:

Preventive controls: Stop errors or irregularities before they occur (approvals, segregation of duties, access controls)
Detective controls: Identify errors or irregularities after they occur (reconciliations, audits, exception reports)
Corrective controls: Fix issues once detected (error correction procedures, policy updates)

The COSO Internal Control Framework components:

Control environment: Organisation's culture and attitude toward controls
Risk assessment: Identifying and analysing risks to objectives
Control activities: Policies and procedures that address risks
Information and communication: Ensuring relevant information flows appropriately
Monitoring: Ongoing evaluation of control effectiveness

Common internal control activities:

Segregation of duties: No single person controls all aspects of a transaction
Authorisation levels: Defined approval thresholds for expenditure and commitments
Reconciliations: Regular matching of records to identify discrepancies
Physical controls: Securing assets, inventory counts, and access restrictions
IT controls: System access management, change management, and backup procedures
Documentation: Maintaining policies, procedures, and transaction records

Business Context

Effective internal controls reduce the risk of fraud, errors, and compliance failures while providing management and stakeholders with confidence in financial reporting and operational integrity.

How Clever Ops Uses This

Clever Ops implements automated internal control systems for Australian businesses, including approval workflows with defined authority levels, automated reconciliation processes, segregation of duties enforcement, and real-time exception monitoring that alerts management to control breaches.

Example Use Case

"A business implements automated three-way matching for purchase orders, goods receipts, and invoices, with exception alerts for discrepancies above tolerance thresholds."