How to Use This Framework
This assessment evaluates the maturity of your financial controls across five areas where control failures most commonly result in fraud, error or audit qualification: payment and bank controls, journal and ledger controls, expense and procurement controls, payroll controls, and access and IT controls.
Score each question: 2 = fully in place, 1 = partially in place, 0 = not in place. The assessment has 20 questions, and the areas do not all have the same number of questions: Area 1 has 5 questions (maximum 10 points), Areas 2 to 4 have 4 questions each (maximum 8 points each), and Area 5 has 3 questions (maximum 6 points). The maximum total score is 40 points. Use the scoring table at the end to determine your maturity level and build a prioritised improvement roadmap.
Assessment Areas
Area 1: Payment & Bank Controls
Q1. All payments above a documented threshold require two independent authorisers
Q2. Bank mandates are reviewed at least annually: leavers removed promptly, no shared credentials
Q3. New payee verification process in place: callback or secondary confirmation before first payment
Q4. Bank reconciliations are completed by someone independent of the payment initiation process
Q5. A wire fraud policy exists: payment instruction changes via email are never acted on without voice verification
Area 2: Journal & Ledger Controls
Q6. A journal policy requires preparer and approver: self-approval is not permitted in the accounting system
Q7. All manual journals have a business reason documented and are retained for audit review
Q8. Accounting periods are locked after management accounts are approved: no backdated posting
Q9. Segregation of duties is enforced in the accounting system: access roles prevent single-person end-to-end processing
Area 3: Expense & Procurement Controls
Q10. An expense policy exists, is communicated to all staff, and limits and categories are enforced
Q11. Purchase orders are raised before commitments are made for spend above a defined threshold
Q12. Corporate card statements are reviewed and approved by a manager before payment is processed
Q13. All new suppliers are approved by finance before the first purchase is made
Area 4: Payroll Controls
Q14. New starters are only added to payroll with signed HR authorisation — no self-authorised additions
Q15. Bank detail changes for payroll require dual authorisation: HR and finance sign-off
Q16. Leavers are removed from payroll in the same month as their last working day
Q17. An annual ghost employee check compares payroll records against HR headcount
Area 5: Access & IT Controls
Q18. Accounting system access is reviewed at least quarterly: leavers removed, excess access revoked
Q19. Multi-factor authentication is enabled for all financial system access
Q20. System audit trails are enabled and reviewed periodically for unusual activity