Why Strong Internal Controls Are Essential

For Preventing Fraud and Driving Business Growth

The importance of strong internal controls cannot be overstated. They form the foundation for financial integrity, operational efficiency, regulatory compliance, and, ultimately, long-term business success. This article explores how strong internal controls not only safeguard against fraud but also serve as a catalyst for business growth and sustainability.

In today’s fast-paced and evolving business environment, the importance of strong internal controls cannot be overstated. Most business owners and managers associate internal controls with fraud prevention and detection. However, effective internal controls serve a much broader purpose. They form the foundation for financial integrity, operational efficiency, regulatory compliance, and, ultimately, long-term business success. Businesses with internal control failures can suffer severe consequences, including fraud, regulatory violations, increased insurance premiums, and erosion of investor trust. This article explores how strong internal controls not only safeguard against fraud but also serve as a catalyst for business growth and sustainability.

Preventing Fraud and Misconduct

The most immediate and well-known benefit of internal controls is their ability to deter and detect fraud. By implementing checks and balances such as segregation of duties, approval processes, and reconciliations, companies reduce the risks of employees or external actors from misappropriating assets or manipulating financial information.

According to the Association of Certified Fraud Examiners (ACFE) Occupational Fraud: A Report to the Nations, organizations lose an estimated 5 percent of revenue to fraud annually. The median loss per fraud case is $145,000 while the average loss per case is $1,700,000.

The damage is not just financial; fraud incidents can severely damage a company’s reputation and result in costly legal ramifications. Effective internal controls reduce these risks by promoting transparency and accountability at all levels of the organization.

The Hidden Costs of Control Failures

When internal controls fail, the fallout is costly and pervasive. Beyond the immediate financial losses from fraud or error, there are often broader implications that can stifle business growth.

1. Wasted Time and Resources

Investigating fraud, correcting errors, and managing the fallout consumes significant time and energy. This diverts attention from core business activities and strategic initiatives.

Recently, I was engaged by a real estate management and investment company to conduct a fraud investigation and review their operating bank account activity for a multi-year period. The account had over a billion dollars of activity during the review period. We discovered that the company failed to implement effective monthly bank reconciliations. It had a staff member perform reconciliations. However, they were never reviewed by management. This led to many instances of accounting errors and even employee theft.

Along with interviewing various employees at the company, we performed an in-depth analysis of the company’s operating activity and identified corrective accounting entries valued at over a couple of hundred thousand dollars. Although issues were resolved, the investigation and analysis required several months of cooperation by the company’s finance and legal team; time that would not have been spent if the company had strong internal controls and procedures.

2. Increased Insurance Premiums

Insurers closely examine a company’s control environment and risk profile when underwriting policies. A weak internal control system or a history of control failures can lead to higher premiums for crime, liability, and business interruption coverage.

In another engagement, I was asked to investigate vendor fraud at a non-profit organization. Our client’s vendor was hacked and the fraudster asked our client’s executive team to change its wiring instructions to a new bank account. Due to poor internal controls, our client failed to confirm the change in wiring instructions with the vendor and unfortunately made a payment of over $300,000 to the bad actor. The organization made an insurance claim and recovered its loss, but the incident led to increased insurance premiums in the next policy period.

3. Loss of Investor and Lender Confidence

Investors and financial institutions view strong internal controls as indicators of sound management and low risk. Effective controls lead to maintained integrity and transparency in an organization’s business operations, making it trustworthy for investors and lenders. Control failures erode this trust, potentially resulting in reduced access to capital or less favorable loan terms.

I recently worked with a fund entity that solicited many individuals to invest in a business in the entertainment industry. However, both the fund entity and the underlying business lacked internal controls in its cash disbursement and financial reporting processes. The companies did not have a periodic financial statement review process, nor did they have a payment review process due to lack of segregation of duties; these led to a series of commingling of funds.

When two investors realized there was a severe lack of transparency in their investments, they demanded an immediate redemption of their membership interest and pursued legal action. The two investors received their funds through settlement. However, the remaining investors received their returns on investment at a loss. The fund entity intended to pursue other investments going forward, but due to the organization’s commingling of funds, it lost the trust of all its investors and later dissolved.

4. Regulatory and Legal Consequences

Many companies strive for a windfall of capital through initial public offerings (IPOs). Obtaining such capital enables companies to further invest in many resources to grow its business ventures. To become a publicly traded company in the United States, companies need to register with the U.S. Securities and Exchange Commission (SEC) and have audited financial statements prepared under U.S. GAAP.

To remain publicly traded, a company’s management is required to report the effectiveness of its disclosure controls and procedures as defined in Rule 13a-15(e) under the Exchange Act. These internal controls are designed to ensure that information reported in the company’s SEC filings, such as its annual Form 10-K, follow SEC’s rules and forms.

When publicly traded companies grow even larger, they are required to have their internal controls over financial reporting audited in accordance with Section 404(b) of the Sarbanes-Oxley Act (SOX).

Therefore, having strong internal controls is instrumental for companies striving for significant growth by seeking capital in the public markets. These companies are subject to strict compliance requirements and a breakdown in controls can lead to non-compliance, resulting in fines, sanctions, or legal action.

For example, in September 2021, Kraft Heinz paid $62 million after the SEC charged them for engaging in an expense management scheme that resulted in several years of financial restatements. Kraft Heinz failed to design and maintain effective internal controls over its procurement division. The company’s Chief Operating Officer and Chief Procurement Officer were also charged by the SEC for their misconduct.[1]

Overall, these above-mentioned issues create a ripple effect that ultimately hinders a company’s ability to scale, innovate, or compete effectively in the market.

Internal Controls as a Platform for Growth

Beyond fraud prevention, internal controls contribute directly to business growth and success in several ways.

1. Operational Efficiency

Strong internal controls streamline business processes, ensuring that resources are used effectively and that tasks are performed consistently. This reduces duplication of effort, minimizes errors, and fosters a culture of discipline and accountability. As a result, management can make better decisions, allocate resources and time more effectively, and respond more quickly to opportunities and challenges.

2. Reliable Financial Reporting

Complete and accurate financial statements are crucial for informed decision-making, strategic planning, and attracting investment. Internal controls over financial reporting ensure the integrity of the financial data, giving stakeholders confidence and trust in the company’s performance and potential. Companies with trustworthy reporting systems are better positioned to secure financing, negotiate partnerships, and pursue mergers or acquisitions.

3. Scalability and Sustainable Growth

As a business expands, its operations become more complex. Internal controls provide a scalable framework that supports growth while managing risk. Without proper controls, growth can outpace the company’s ability to manage it effectively, leading to breakdowns in communication, oversight, and execution. Scalable internal controls ensure that the organization maintains order and consistency, even as it grows.

4. Enhanced Strategic Focus

When internal controls are strong, management can focus on strategic initiatives rather than putting out fires when operations go awry. With confidence in the reliability of financial and operational data, leadership can pursue innovation, market expansion, and product development more aggressively.

5. Improved Stakeholder Relationships

Vendors, customers, and employees are more likely to engage with a company that operates with integrity and professionalism. Internal controls help demonstrate this integrity by fostering ethical behavior, maintaining data security, and ensuring that contractual obligations are met.

Building an Effective Internal Control System

Creating a robust internal control system involves establishing clear policies, leveraging technology, and promoting a culture of accountability. Below are key elements of a strong internal control environment.

• Segregation of Duties: No single employee should be responsible for both approving and recording transactions.
• Authorization Controls: Ensure that all transactions are authorized by the appropriate level of management.
• Regular Reconciliations: Periodic reconciliations of accounts to detect and correct discrepancies promptly.
• Audit Trails: Maintain comprehensive records that allow transaction tracing and accountability.
• Periodic Reviews: Regular internal or external audits to evaluate the effectiveness of controls.
• Training and Awareness: Employees should understand the importance of controls and their role in maintaining them.

Conclusion

Strong internal controls are not just a defense mechanism against fraud; they are a strategic asset that supports business success. Companies that invest in building a solid control environment position themselves for greater efficiency, scalability, and credibility. Businesses that overlook internal controls risk financial loss, reputational harm, and stunted growth. By prioritizing internal controls, organizations can build a foundation of trust, accountability, and resilience that fuels long-term growth and prosperity.

[1] https://www.sec.gov/newsroom/press-releases/2021-174

---

Andre Castillo, MBA, CPA, ABV, CFF, CFE, is a director at CBIZ Forensic Consulting Group located in New York City, serving clients since 2016. He is a national expert in forensic accounting, litigation consulting, economic damages calculations, business valuations, and fraud investigations. From 2022 to 2023, he provided financial and forensic domain expertise as an advisor to Hudson Labs (formerly Bedrock AI), a financial research software company. Prior to joining CBIZ, Mr. Castillo started his career at KPMG, LLP, where he provided audit services to publicly traded companies in the sports and entertainment industry and the consumer products industry. As an auditor, he spearheaded the assessments for his clients’ adoptions of new accounting standards, such as ASC Topic 606.

Mr. Castillo can be contacted at (914) 610-0621or by e-mail to AndreRonald.Castillo@CBIZ.com.