5 Internal Control Gaps Common in Ghanaian SMEs

When we begin an internal audit engagement with a Ghanaian SME, a handful of control gaps appear with surprising regularity. Here are the five most common — and what to do about each.

1. No segregation between bank reconciliation and bank approvals

The same person who initiates a payment often reconciles the bank statement. Result: errors and irregularities go undetected for months.

Fix: assign the reconciliation to someone outside the payments team — even a part-time accountant on retainer is enough.

2. Vendor master file with no approval workflow

Anyone in finance can add a new vendor with new bank details. This is the most common avenue for payment fraud we see.

Fix: introduce a four-eyes process for vendor onboarding and changes to bank details.

3. Cash handling without rotation

The same cashier handles petty cash for years, with no rotation, no surprise counts, and no leave cover.

Fix: mandatory two-week consecutive leave per year for anyone handling cash, with a stand-in.

4. No formal credit policy

Sales are extended on goodwill. Aged debtor balances grow. Eventually a write-off looks unavoidable.

Fix: a written credit policy with limits per customer, ageing reports reviewed monthly, and clear escalation triggers.

5. IT access not removed when staff leave

Ex-employees retain email and ERP access weeks after departure. We have seen this exploited.

Fix: an HR-IT joint checklist triggered by every termination, completed within 24 hours.

Bottom line

These are the five we see most often, but every business has its own. A risk-based internal audit walks the gap from "we think we are fine" to "we have evidence we are fine."