Internal audit work across security and logistics firms in Central and East Africa consistently reveals the same control weaknesses — weaknesses that create unnecessary fraud risk, cash leakage, and compliance exposure. Here are the five most common red flags, and what you can do about them.
Red Flag 1: No Segregation of Duties in Cash Handling
In many small-to-medium security firms, the same person who receives cash, records it, and prepares the bank reconciliation. This concentration of control is the single most common source of cash misappropriation.
- Fix:Separate the cashier function from the reconciliation function, even if it means assigning reconciliation to a line manager rather than another dedicated accountant.
Red Flag 2: Payroll Signed Off by the Same Person Who Processes It
When the HR officer who builds the payroll register also approves it and authorises the bank transfer, ghost employee schemes become trivially easy.
- Fix:Implement a mandatory second-level approval for payroll — ideally by the Finance Director or General Manager — before any transfer is made.
Red Flag 3: No Fuel and Vehicle Log Reconciliation
Security firms operate large vehicle fleets. Without a fuel log tied to odometer readings and reconciled monthly against fuel purchase receipts, fuel theft becomes an invisible "business expense."
- Fix:Mandate that fuel cards or receipts are only processed when accompanied by a vehicle log sheet entry. Use GPS tracking to verify mileage.
Red Flag 4: Petty Cash With No Float Limit and No Surprise Counts
Uncontrolled petty cash — particularly in remote zones — creates a culture where small amounts disappear because no one counts or the float limit is so high it obscures losses.
- Fix:Set a strict petty cash float limit by zone (e.g., USD 200–500 depending on zone size). Conduct random, unannounced cash counts at least monthly.
Red Flag 5: Client Billing Not Reconciled Against Contracts
In service-based security, billing should reflect the actual number of guards deployed. If billing is not reconciled monthly against client contracts and actual deployment sheets, the firm may be under-billing or failing to invoice for ad-hoc services.
- Fix:Perform a monthly reconciliation of "Billed Revenue" vs "Contract Value" vs "Actual Deployment."
Conclusion
Tightening internal controls doesn't require complex software; it requires discipline and clear segregation of duties. Valid Wave Consulting specialises in internal audit and control design for security firms across Africa. Book a consultation to assess your risk exposure today.