How to Organize Financial Documents Before Your Audit
A practical checklist for sorting invoices, receipts, bank statements, and ledger records. Get your documentation in order before auditors arrive.
Read ArticleBuilding Internal Controls That Actually Work
Step-by-step guide to setting up approval processes, segregation of duties, and regular reconciliations. You don’t need complex systems — clear procedures are what auditors look for.
Why Internal Controls Matter More Than You Think
Internal controls aren’t bureaucracy. They’re your company’s immune system. When an auditor walks through your door, they’re not looking for perfection — they’re looking for evidence that you’ve got systems in place to catch problems before they become disasters.
The good news? You don’t need fancy software or a compliance department. You need clear thinking, documented procedures, and consistent execution. We’ve seen companies with 5 people implement controls that pass audits with flying colors. We’ve also seen larger organizations stumble because nobody actually followed the procedures they’d written.
What This Guide Covers
The three pillars: approval processes that prevent fraud, separation of duties that catches errors, and reconciliations that prove everything matches.
Approval Processes: The First Line of Defense
Every payment that leaves your company should go through an approval process. That doesn’t mean every $50 invoice needs sign-off from the CEO — it means you’ve got clear rules about who can approve what amount.
Here’s what actually works: Set spending limits by role. Your accountant might approve invoices up to $1,000. Your operations manager approves up to $5,000. Anything larger goes to the director. Document this in writing — one page is enough. Then stick to it.
1
Create a simple approval matrix with spending limits
2
Require two signatures on cheques over a set amount
3
Keep supporting documents (invoices, receipts, contracts)
4
Review and approve the bank reconciliation monthly
Segregation of Duties: Making Sure One Person Can’t Do Everything
The second control is separation of duties. One person shouldn’t be able to request a payment, approve it, and record it in the books without someone else checking their work. It’s not about mistrust — it’s about catching human error.
If you’re a small team, you can’t separate every function. That’s okay. But you need compensating controls. If the same person enters invoices and posts them to the ledger, then someone else (ideally the owner or a manager) reviews the ledger monthly and spots anything odd. That’s your safety net.
The most common issue we see: The bookkeeper writes cheques, signs them, and reconciles the bank statement. Three critical functions, one person. Even if they’re completely honest, mistakes happen. Add a second person to review and sign cheques. That’s it. One change, huge impact.
Related Resources
Reconciliations: Your Monthly Reality Check
The third control is reconciliation. Every month, you should reconcile your bank statement to your accounting records. Not “eventually.” Not “when we have time.” Monthly. Non-negotiable.
Here’s why this matters: It’s the control that catches fraud, prevents errors from compounding, and gives you confidence in your numbers. When your bank statement doesn’t match your books, you’ve got a problem. Reconciliation finds it in month one, not month six.
Monthly Reconciliation Checklist
- Print the bank statement from your online banking
- List all outstanding cheques (issued but not yet cleared)
- List all deposits in transit (recorded but not yet in bank)
- Adjust your book balance for any bank charges or interest
- Compare adjusted balances — they should match
- Document the reconciliation (keep it with your records)
- Have someone other than the preparer review it
Documentation: Making It Real
Controls only work if people know about them. You need documentation. But here’s the secret: It doesn’t need to be a 50-page manual. A one-page procedure document for each key process is plenty.
Your approval matrix, segregation of duties policy, and reconciliation procedure can each fit on one page. Include who does what, spending limits, timing, and who reviews the work. That’s it. Make it clear enough that a new employee could follow it without asking questions.
Then actually follow it. The biggest gap we see isn’t between documented procedures and reality — it’s between procedures that exist and people who don’t know about them. Spend 15 minutes in your next team meeting walking through the approval process. It changes everything.
Putting It Together
You don’t need a revolution. You need three things: clear approval processes that limit who can spend what, separation of duties so one person can’t do everything without review, and monthly bank reconciliations that catch problems early.
When an auditor reviews your company, they’re looking for evidence of these three controls. Document them. Implement them. Do them consistently. That’s what “effective internal controls” means in the real world.
Start with your biggest risk: cash. Who can request payments? Who approves them? Who has access to the bank account? Who reconciles? If you can answer those four questions clearly, you’re already ahead of most companies.
Disclaimer
This article is provided for informational purposes only and should not be considered professional advice. Internal control requirements vary based on company size, industry, and regulatory environment. While the principles outlined here reflect general audit standards, your specific situation may require additional or different controls.
Before implementing any control procedures, consult with your auditor, accountant, or compliance advisor to ensure they’re appropriate for your organization. Companies Ordinance requirements and audit standards may change, so review current regulations before finalizing your procedures.