The Importance of Internal Controls in Organizations
Fraud is familiar to organizations large and small. Undetected, it grows quickly in confidence and in size. It is like leaving the cookie jar open and never asking “Who stole the cookies from the cookie jar?” The cookies start disappearing at a faster rate. Business leaders and management need to be vigilant. Internal controls must be in place at all times. Publilius Syrus, the Roman writer famously said, “He is most free from danger, who, even when safe, is on his guard”.
The danger to organizations is not from fraud alone. Inaccurate financial reporting can lead to costly errors in decision making, or inefficiencies in operations. Worse, a lack of internal controls can lead to a serious breach of law and compliance issues. The harm done to the financial health, vitality and reputation of the organization is not easy to repair.
To succeed in an ever-changing environment, it is imperative for companies to gain and sustain its competitive advantage and one of the ways in which competitive advantage can be gained and sustained is through the effectiveness of its Internal Control framework which includes primary (such as Sales, Marketing, Distribution, Procurement etc.)
Primary material internal control weakness that leads to fraud/mistake
- Lack of independent checks/audits
- Lack of reporting mechanism
- Lack of segregation of duties
- Inefficient internal controls
- Override of existing internal controls
- Insufficient management review
- Lack of competent persons in managerial roles
- Lack of well-defined internal controls
- No clear and uniform accounting procedures
- Lack of external audit of policies and controls
A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is reasonable possibility that a material misstatement of the entity’s financials statement will not be prevented, or detected and corrected on a timely basis.”
The most vulnerable business processes
There are many business processes that are vulnerable to frauds. Experience shows that some processes are the favorite hunting grounds of most fraudsters. Some of these include. Extra care should be taken in designing internal controls for these business processes. An explanation of some of the controls is detailed below. The list is general and by no means exhaustive and must be reviewed and expanded to suit the organization’s specific needs.
Internal Controls Outsourcing
Internal control is usually done by the organization’s own audit department. Organizations have recently started outsourcing their internal control function to independent, external vendors. Many consultants and advisories are offering a full suite of high quality and highly specialized solutions that include risk advisory, regulatory compliance, IT automation and forensic investigative solutions.
Apart from outsourcing the entire internal control system, organizations can outsource individual processes such as the accounts payable process, payroll process; employee claims process or even thematic audits such as data privacy, foreign exchange management, compliance, and security and IP protection. Risks can be analyzed in areas such as investments, credit, and currency fluctuations.