lisa-sherman-doeren-mayhew-cpas

Lisa Sherman, CPA – Director of Accounting Outsourcing Services

As you scale your business, your focus is primarily on new growth opportunities, building your brand and executing your business strategy. After a while, keeping track of all the day-to-day business operations gets tedious. Without a system of checks and balances in place, there could be significant losses for your business financials. 

According to the Association of Certified Fraud Examiners (ACFE) 2020 Report to the Nations, a lack of internal controls is the primary weakness contributing to fraud. The report also states small businesses are at the highest risk because they generally have fewer anti-fraud controls in place, making them more vulnerable (to losses as great as $200,000 annually). 

Internal controls allow for more risk management and accuracy in your financial reports, preventing various fraud attempts and encouraging accountability. 

Sage Intacct, a cloud-based financial management solution, uses the following five elements to strengthen internal controls and increase their effectiveness:

1. Login Security

With airtight data security, your business is protected from data breaches and unauthorized access to sensitive financial information. Sage Intacct’s login process is secure, with the measures in place to protect your business. To name a few, they include: 

  • IP Address Restrictions 
  • Session Timeouts 
  • Minimum Password Length 
  • Password Expirations 
  • Single Sign-On 

2. User Permissions

Create role-based and user-based permissions within Sage Intacct to give employees access to only the resources they need. User permissions allow businesses to build out their system and implement more efficient workflows and custom dashboards. User permissions help to increase your operational efficiency and limit the access of certain modules to specific users.

3. Segregate Duties

Segregating financial duties is a key principle of good internal controls and a requirement of SOX compliance. Designating steps of your workflow to different employees (maintained by user permissions) will prevent the same employee from completing an entire multi-step process on their own —substantially minimizing fraud.

4. Approvals Processes

An approvals process is needed for routine data maintenance and to prevent internal fraud or inaccuracies in your financial data. An administrator can set custom thresholds for approvals, and once a transaction meets that threshold, it’s flagged. This also promotes segregation of duties by requiring users with higher-level permissions to approve transactions. 

5. Audit Trails

Used as a comprehensive record to track user activity, audit trails note who accessed certain records, made changes and when those changes occurred. This careful documentation is embedded into Sage Intacct and provides financial managers an internal log of key information needed for audits. This log includes: 

  • User Login History. This list delivers important login security information for auditors to review who are accessing the system — successfully and unsuccessfully. 
  • Database Records. Logging all actions of users including when a record is created, edited or deleted. 
  • System-Level Audit Trails. Tracking each time there is a change in the system or a user selects a new configuration that affects other users. 
  • Application Integration Audit Trails. Useful for identifying the applications that can access your data and protect against security breaches. 

Putting a proper internal controls system in place will help safeguard your business and prevent your business from organizational fraud. 

Are you in need of more secure internal controls? Contact Doeren Mayhew, a Sage Intacct partner, today to learn more.