WHAT ARE YOUR FEARS AS BUSINESS OWNERS?
- Inefficient and unreliable operations?
- Unsure of the applicable laws and regulations?
- Violation of laws or regulations resulting in large fines or lawsuits?
- Financial records and managerial reports being questioned by business partners and stakeholders like investors?
- Lack of ability to track performance against forecasts and budgets?
- Lack of attention to information security leads to privacy concerns?
- Security breaches due to unauthorized access to financial data and customer records?
- Misappropriation of assets or falsification of records?
Life is full of risks, all day every day we do things that can go wrong, but thankfully there are protections in place to make things go right. In business, we call those protections – “Internal Controls”. Some may call them bottlenecks, but to protect your business and achieve your goals, Internal Controls are critical.
WHAT DO THEY DO BASICALLY?
- Detect errors
- Avoid delays
- Prevent Negative financial and reputational impact
REMEMBER: Internal Controls are designed to reduce and manage, rather than eliminate the risk of failure to achieve the Organization’s Objectives.
All are responsible for Internal Control, but let’s see how it looks when we assign the levels of Internal Controls:
Senior Management – sets the control environment.
VPs and Directors – Oversee and allocate resources and monitor.
Managers – Create strong controls in their processes and teams.
Staff – executes the controls and communicates the issues to their managers.
INTERNAL CONTROL STRUCTURE
The internal control structure is derived from the way management runs an operation or function and is integrated with the management process. There are a few inter-related components:
- Control Environment – The control environment sets the tone of an organization, influencing the control consciousness of its people.
- Risk assessment – Risk assessment is the identification and analysis of relevant risks to the achievement of the objectives, forming a basis for determining how the risks should be managed.
- Control activities – They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.
- Information and communication – Pertinent information must be identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also must occur in a broader sense, flowing down, across, and up the organization.
- Monitoring – Internal control systems need to be monitored, a process that assesses the quality of the system’s performance over time. This is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two.
REMEMBER: Internal control is a process. It is a means to an end, not an end in itself.
INTERNAL CONTROL WEAKNESSES:
Internal control weaknesses are failures in the implementation or performance of internal controls. Even the strongest security measures can be circumvented if a malicious actor identifies an internal control weakness.
ORGANISING WEAKNESSES INTO CATEGORIES:
- Operational Internal Control Weaknesses
- Technical Internal Control Weaknesses
- Administrative Internal Control Weaknesses
- Architectural Internal Control Weaknesses
REMEMBER: Internal control is affected by people. It is not merely policy manuals and forms, but also people at every level of an organization.
WHEN DOES IT BECOME A MATERIAL WEAKNESS?
A material weakness occurs when one or more internal controls are ineffective, in a way that can lead to a material misstatement of financial activity. This includes all rules, processes, and activities designed to improve operational efficiency and prevent financial statement irregularities.
NOW LET’S DIG DEEP INTO INTERNAL CONTROLS
Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance:
- That information is reliable, accurate, and timely
- Of compliance with applicable laws, regulations, contracts, policies, and procedures
- Of the reliability of financial reporting
Internal controls are intended to prevent errors and irregularities, identify problems and ensure that corrective action is taken.
REMEMBER: Internal control can be expected to provide only reasonable, not absolute, assurance to an entity’s management and board.
HOW YOU MAY SET UP INTERNAL CONTROL IN YOUR DEPARTMENT?
- Implementing segregation of duties where duties are divided (segregated) among different people, to reduce the risk of error or inappropriate actions. No one person has control over all aspects of any financial transaction.
- Making sure transactions are authorized by a person delegated approval authority when the transactions are consistent with policy and funds are available.
- Ensuring records are routinely reviewed and reconciled, by someone other than the preparer to determine that transactions have been properly processed.
- Making certain that equipment, inventories, cash, and other property are secured physically, counted periodically, and compared with item descriptions shown on control records.
- Providing employees with appropriate training and guidance to ensure that they (1) know necessary to carry out their job duties, (2) are provided with an appropriate level of direction and supervision and (3) are aware of the proper channels for reporting suspected improprieties.
- Making sure the departmental-level policies and operating procedures are formalized and communicated to employees.
- Documenting policies and procedures and making them accessible to employees helps provide day-to-day guidance to staff and promotes continuity of activities in the event of prolonged employee absences or turnover.
REMEMBER: Everyone in your department has responsibility for internal controls.
