The Importance of Internal Controls & Risk Management for Cannabis Companies

The importance and relevance of internal controls and the need for risk management solutions continue to be a priority for privately and publicly traded cannabis companies, as the industry faces increased regulatory and financial reporting requirements with limited resources. This can feel overwhelming, and a challenge made even more difficult by the increased complexity of financial reporting and the highly adaptable, ever-evolving business models.

Consequently, cannabis companies tend to look at internal controls and risk management through a compliance lens, where regulatory compliance drives a “we have to do it” attitude. As a result, companies find themselves being reactive rather than proactive to issues, which leads to lack of management buy-in, poorly designed internal controls, and uncertainty on how to prioritize risks. This is not sustainable and can result in significant and material issues which could impact a company’s ability to raise capital and deter potential investors.

Why Is Risk Management Essential?

Risk management involves understanding company objectives, identifying risks that can impede those objectives, and protecting against them; a system of internal controls is one of the fundamental methods by which risk is managed. Both are essential for all companies, regardless of size, to proactively help identify and manage threats and vulnerabilities, and reduce the likelihood that company objectives will be jeopardized by unforeseen events.

Risks can affect many areas of a company, such as strategy, operations, finance, technology, and the environment. Particularly, risks that a cannabis company may face stem from a variety of sources and include:

• High cost of capital
• Poorly executed merger or acquisition
• Unreliable accounting records (e.g., high volume of cash-based transactions, limited access to traditional banking, inventory tracking, etc.)
• Penetration and attack of IT systems by hackers (e.g., Cybersecurity vulnerabilities)
• System vulnerabilities and disruption to seed-to-sale platforms, point of sale systems, and accounting and ERP systems
• Breach of regulations and laws (e.g., HIPPA, SOX, etc.)
• Tax problems (e.g., 280E)
• Litigation risks
• Inventory and quality control issues
• Substantial reduction in financial and other resources (e.g., skills shortage)
• Physical disasters leading to interruptions of business and/or loss of records

Cannabis companies need to establish a risk-based internal control and risk management framework, which improves performance and drives a “we should do it” attitude. Being proactive and managing risks-to-objectives helps establish the right motives, including management buy-in, better-designed controls, and sustainable processes.

How Centri Can Help

A commitment to internal controls and risk management, which permeate across an organization, is how cannabis companies improve the quality of financial reporting and manage risk. If you have questions about or need assistance with establishing an internal control and risk management framework, identifying risks, or addressing potential vulnerabilities before they are exploited, contact Centri’s risk and cybersecurity experts to learn more about how we can help you.

About Centri Business Consulting, LLC

Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.

For more information, please visit www.CentriConsulting.com