If you’re a business owner, or even a manager, you’ve probably heard of internal controls. But do you really know how important internal control is to your organization? Are you aware of the risks your organization faces if these controls are ineffective or non-existent? Are you in a position to draw up an internal control process?
It’s vital for every company to have excellent controls in place, otherwise it will fall prey to a number of crooks. Attacks can come from both internal and external sources. They can be perpetrated by employees or senior executives, or even by suppliers or customers. For example, an employee who is dissatisfied with his salary may want to steal assets or even money, because he believes he deserves better remuneration. If the organization doesn’t have an effective control system, it will have the opportunity to do so. The unfortunate thing is that this fraud will probably never be detected.
Develop internal control processes
To counter this type of behavior, each company must develop
an internal control process
in accordance with the five components.
The aim of internal control is to reduce the risks assessed in step 2 of the process. Fraud is the risk most often associated with internal control. Although it is always present in organizations, there are other risks for which internal controls are implemented. We explained this in our article ” Ensuring your company’s long-term viability through risk management “.
Control activities are set up to prevent or detect fraudulent transactions.
Internal preventive controls will reduce the chances of the criminal carrying out fraudulent acts. If it manages to thwart them, there will be detection checks to reveal that a potentially fraudulent act has occurred.
Controls include segregation of duties. This prevents an individual or a team from being able to control all the key stages of a transaction. In this way, employees will have restricted and different access to the accounting software. There are also more computerized controls. For example, a password for each user that must be replaced after a fixed period, or data backup on an external hard drive to prevent data loss.
In addition, a very important element that needs to be implemented in an organization, but is sometimes not considered a control, is ” tone at the top“. An organization must put in place a code of conduct reflecting integrity and ethics. Its application by senior management will have a major impact. These individuals are the cornerstone of the organization, and if they behave with integrity and ethics, employees are bound to follow suit.
As you can see, there are a number of control activities, some of which are general and apply to most companies, while others are specific to the reality of your organization. So a personalized diagnosis is important in order to target the right controls for you. We can help. Write to us!
Quiz
Are you able to determine whether the following controls are preventive or detective?
A) Code of conduct
B) Confidential line
C) Employee training
D) Verification by a supervisor
E) Control access to assets
A) Prévention B) Détection C) Prévention D) Détection E) Prévention
