10 Indispensable Internal Controls for Every Business

Since at least the 16th century, English speakers have repeated the proverb, “When the cat’s away, the mice will play.” It’s a concept that school children readily understand, especially when their regular teacher is absent and they’re treated to a substitute. Yet, the simple lesson seems to elude many business leaders whose companies are riddled with internal fraud. Of course, you can’t stand over your employees every moment of the day, but you need to have guardrails in place to keep them on the straight and narrow. In this article we’ll present a recent case where the rodents ran wild, and our list of 10 controls you must implement to be an effective feline.

The Wells Fargo Fake Accounts Scandal

Uncovered in 2016, the Wells Fargo Fake Accounts Scandal ranks among the most significant banking frauds in recent U.S. history. From 2002 to 2016, Wells Fargo employees, under the pressure of aggressive sales targets, decided to meet their quotas by opening unauthorized bank accounts, credit cards, and other financial products for customers. By the time their widespread misconduct was discovered, bogus accounts numbered about 3.5 million.

The first problem was Wells Fargo’s high-pressure sales culture, which imposed unrealistic quotas. The bank put forth a “Gr-eight” initiative, which demanded representatives sell eight products per customer. The company then tied bonuses to these unrealistic expectations, and threatened employees with termination for falling short. It was all too reminiscent of Alec Baldwin in Glengarry Glen Ross, “First prize is a Cadillac, second prize is a set of steak knives. Third prize is you’re fired.” Having struck fear into its workforce, WF turned a blind eye to employee conduct. Thus:

• Employees could open accounts without independent verification, even by forging signatures or executing unauthorized transfers of funds.
• Whistleblower complaints went nowhere
• Red flags indicating unusual activity were ignored

The fraud only surfaced after frustrated whistleblowers went to the press. The Los Angeles Times published a 2013 exposé, which prompted regulatory investigations. The Consumer Financial Protection Bureau and Office of the Comptroller of the Currency investigated, confirming the fraud in 2016.

Wells Fargo was forced to pay $3 billion in settlements, including a $1.7 billion CFPB fine in 2022 and $185 million in 2016 to the CFPB, OCC, and Los Angeles. Refunds to affected customers totaled $50 million.

Accountability reached the highest level, as CEO John Stumpf resigned in 2016, forfeiting $41 million in bonuses. More than 5,300 employees were fired, primarily low-level staff. Moreover, the scandal eroded customer trust, costing billions in lost business and legal fees, with stock value dropping significantly in 2016.

Whatever short-term gains WF realized were lost as the bank became toxic in the public mind.

The 10 Controls Your Business Needs to Eliminate Fraud

WF could have detected its internal fraud in the early stages, if leadership had only implemented proper controls on its business processes. Strong internal controls are vital for large corporations, running huge operations where the focus on details is easily lost. But they are just as important for smaller businesses that want to prevent fraud, maintain accurate records, and operate profitably. A lack of a proper control framework leaves businesses vulnerable to internal theft, mismanagement, and financial misstatements.

Here then are the top internal controls every business should implement:

1. Segregation of duties — No single person should have control over all aspects of a financial transaction. Divide responsibilities among employees for authorizing transactions, recording them, and handling the related assets. For example, the person who writes checks should not be the same person who reconciles the bank statement.
2. Bank reconciliations — Reconcile all bank accounts at least monthly. This helps identify discrepancies, unauthorized transactions, and errors. Ideally, someone not involved in daily cash handling should perform this task.
3. Approval processes for expenditures — All payments and purchases should require documented approval from a manager or business owner. Set thresholds for different levels of approval to avoid unnecessary delays.
4. Inventory controls — If your business handles physical inventory, implement procedures to track inventory movement. Use periodic counts and compare them with records to catch shrinkage, theft, or errors.
5. Payroll oversight — Ensure payroll is reviewed and approved before processing. Verify hours, rates, and classifications. Watch for ghost employees or unauthorized wage changes.
6. Physical security of assets — Limit access to sensitive areas, lock up cash and high-value items, and use surveillance where practical. Require keys, fobs, or passwords for controlled access.
7. Vendor and expense monitoring — Review vendor lists periodically to detect fictitious vendors. Scrutinize expense reports and implement standardized reimbursement procedures.
8. Use of accounting software with audit trails — Choose software that records changes to data and tracks user activity. This ensures transparency and helps identify irregularities.
9. Regular financial reviews — Conduct monthly reviews of financial reports, including profit and loss statements, balance sheets, and cash flow. These reviews help identify trends, flag concerns, and improve decision-making.
10. Fraud reporting mechanism — Create a confidential method for employees to report unethical behavior or suspected fraud. An anonymous tip line or open-door policy can be effective deterrents.

Implementing strong internal controls doesn’t have to be expensive or time-consuming. Even modest steps can go a long way in reducing risk and improving business operations. In addition to saving company resources, you’ll find that your workers become more productive. Office morale might noticeably improve, since the presence of fraud is a major source of dissension within an organization.

If you’re unsure where to start, ask NAFA about a fraud risk assessment or schedule a consultation with one of our knowledgeable forensic accountants.