Financial Controls Implementation Checklist

A structured list of the financial controls every growth-stage company should have — from payment authorisation to journal approval, expense policies and bank mandate controls.

1. Payment & Bank Controls

  • Dual authorisation: payments above £5,000 require two authorisers
    Threshold documented in the authorisation matrix; exceptions require CFO written approval.
  • Payment limits by role: authorisation matrix in place
    Document communicated to all budget holders; matrix reviewed annually or on role changes.
  • Bank mandate review: all authorised signatories reviewed
    Ex-employees removed promptly; current mandate list agreed to HR records at least annually.
  • New payee verification: callback procedure for new beneficiaries
    Independent callback to a verified number before the first payment to any new payee.
  • Bank reconciliation completed independently
    Performed by someone not involved in payment processing; segregation of duties enforced.
  • Online banking: individual logins only, MFA enabled
    No shared credentials; MFA enforced for all users; access reviewed on any role change.
  • Wire fraud controls: internal communication policy in place
    Payment instruction changes by email are never actioned without verbal confirmation from a known contact.

2. Expense & Procurement Controls

  • Expense policy documented and communicated
    Covers per-item limits, eligible categories, receipt requirements, and the approval chain by seniority.
  • Purchase order process: PO raised before commitment
    PO approved before any expenditure commitment above the threshold; threshold defined in the policy.
  • Three-way match: PO, goods receipt, and invoice matched before payment
    Payment system enforces the three-way match; exceptions logged and reviewed by finance.
  • Supplier onboarding: new suppliers approved by finance and legal
    Bank details verified independently; anti-bribery and sanctions checks completed before onboarding.
  • Credit card programme: individual cards with monthly statement review
    Each cardholder’s monthly statement reviewed and approved by their line manager.
  • Travel and entertainment: separate policy with pre-approval for international travel
    International trips require CFO or CEO approval before booking; policy reviewed annually.

3. Payroll Controls

  • New starter authorisation: HR and finance sign-off before first payroll
    Starter form completed, countersigned, and filed; confirmed by finance before payroll cut-off.
  • Payroll changes: dual approval required
    Salary increases and bank detail changes require independent approval; changes logged with dates.
  • Leavers: payroll removed in the month of termination
    Leaver date confirmed from HR; no overpayments; recovery process documented if overpayment occurs.
  • Payroll reconciliation: gross pay and PAYE liability agreed
    Gross pay per payroll system agrees to P&L; PAYE liability agrees to HMRC; variances investigated monthly.
  • Ghost employee check: annual audit of payroll against HR records
    Every payroll record cross-referenced against active HR file; unmatched records escalated immediately.

4. Journal & Month-End Controls

  • Journal policy: all journals require preparer and approver
    No self-approval permitted; system enforces two-person rule for all journal postings.
  • Manual journal log: all non-routine journals documented
    Business reason recorded; supporting documentation attached; reviewed by CFO at month-end.
  • Period close lock: accounting periods locked after accounts approved
    Prior periods cannot be reopened without CFO approval; all changes documented.
  • Reversing journal controls: accruals set to auto-reverse
    All accrual postings configured to reverse automatically in the following period; manual reversals flagged.
  • Chart of accounts changes: Finance Director or CFO sign-off required
    No new account codes created without approval; annual review of inactive codes for deletion.

5. Access & IT Financial Controls

  • Accounting system access reviewed quarterly
    Starters and leavers updated promptly; access levels matched to current role responsibilities.
  • Role-based access: segregation of duties enforced
    No single user can both create and approve transactions; system configuration reviewed annually.
  • ERP backups: daily backup confirmed and annual recovery test conducted
    Backup log reviewed monthly; recovery test result documented and signed off by IT and finance.
  • Audit log: system audit trail enabled and reviewed periodically
    Audit log cannot be disabled by standard users; periodic review identifies unusual activity.
  • Year-end archive: accounting data backed up and retained per statutory requirements
    Data retained for minimum 6 years; storage location documented; access restricted to authorised users.


CrunchSpark implements financial control frameworks that satisfy investors, auditors, and regulators — built for growth-stage companies that need to move fast without losing control.
