Small and medium enterprise (SME) have limited resources to focus on internal controls, it is important to weigh the cost versus benefit of each control the company is putting into place.
Internal control is an integral part of a business and decisionmakers should prioritise monitoring and making it as efficient as possible. Effective internal controls are designed to prevent and detect fraud as well as provide reasonable assurance of achieving the company’s objectives, limitations do exist.
Financial crises in most organisations is mainly due to a lack of proper risk-management and internal control, and the business leaders did not understand the risks they would face. Effective internal control is one of the best preventative measures companies can take to avoid business failure. In addition, because it allows organisations to manage risk and production value, internal control systems are important sources of business performance.
Correct implementation allows firms to invest in opportunities while minimising risk, saving time and money, therefore generating a competitive edge over other competitors.
Here are insights on efficient internal control.
1. the big picture.
Firms should view internal control as an integrated part of governance and risk management, rather than a separate entity. Risk management should focus on identifying threats and opportunities, while controls should counter threats and take advantage of opportunities. Integration creates a system that supports efficient, ethical and profitable movement forward.
2. Build relationships and open communication.
It is possible to maintain an attitude of professional skepticism and, at the same time, build relationships on a foundation of trust.
First, adopt open-book management practices and explaining not just how but why particular processes are needed from a business perspective. Address issues of noncompliance first by identifying the behaviour you observed, then giving the employee an opportunity to voice his/her concerns.
Second, acknowledge the employee’s viewpoint and then explain the business reason for the change. Finally, clearly state your expectations going forward.
Use “I” instead of “you” in communication.
Example: “I noticed that your supervisor did not preapprove this transaction” is better than “You didn’t get proper approval from your supervisor.”
Keep interactions professional, not personal.
By establishing controls and processes that did not exist previously, you may cause an internal power struggle.
An employee may perceive a new process, such as a new process for authorising transactions, for example, as a sign of distrust.
Give employees a chance to express concerns before implementation, and be sure to explain the business rationale.
3. Align company goals with laws and policies.
Effective internal controls should allow organisations to achieve their objectives by managing risks while complying with Company Act, as well as with county or regulator laws and generally accepted IFRS standards. These regulations should not conflict with business goals.
Organisations should educate employees on all applicable laws and standards, and vigilantly monitor application.
It is important to encourage staff to abide by risk management policies and incorporate respect for rules and regulations into corporate culture.
As a business link each individual performance to the achievements of the internal control system to foster a sense of personal accountability.
4. Consistently enforce policies fairly.
Periodic, one-on-one discussions with individuals about policies can be enlightening.
Training new employees is a given, but some organisations fail to apprise employees of the acceptable use of company property, including confidential and sensitive information.
Check references and conduct pre-hire and periodic background checks, particularly for employees involved with the finance or accounting function and those who have access to sensitive information.
As much as possible, separate duties so that no single individual has control of all aspects of a transaction, and separate authorisation from recordkeeping.
5. Set a strong internal tone.
Internal controls are processes affected by people and the actions they take every day. Provide a formal system for individuals to raise concerns without fear of retaliation.
The best thing decisionmakers can do is create a mechanism by which satff can report concerns. Even the smallest organisation can adopt a whistle-blower policy.
6. Plant the seeds of progress
As an SME or corporate determine the roles of responsible board, management, employees and internal and external assurance providers.
Cooperation between all should be fluid and effective.
Each employee at every level should fully understand the need for internal control, communication between managers and employees is crucial.
Companies should also consider the value of thorough documentation.