Retired Major Silibaziso Zhou
In today’s dynamic and fiercely competitive business environment, it’s impossible to overstate the critical role of robust internal controls.
Be it a burgeoning start-up or a well-established corporate powerhouse, organisations at every level face a myriad of risks, including fraud, financial misstatements and operational inefficiencies.
Safeguarding against such risks requires the commitment to implementing comprehensive internal controls. Serving as the guardians of integrity, reliability and security, these controls ensure the protection of assets, facilitate accurate financial reporting and mitigate risks.
Whether it’s a local enterprise or a global corporation, the establishment of sound internal controls is fundamental to fostering sustainable success and building trust with stakeholders.
In this article, we will outline the definition of internal controls, unpack the key elements of an effective internal control system and underscore the pivotal role of controls in shaping the destiny of businesses, regardless of their size and scope.
Definition of internal controls
Internal controls refer to all the processes, policies and procedures instituted by management in order to provide reasonable assurance towards the achievement of their objectives in the areas of operations, financial reporting and compliance. These controls assist the organisation to safeguard assets, ensure the accuracy and reliability of financial information, promote operational efficiency and encourage adherence to laws and regulations. They also serve to mitigate risks, prevent fraud and support the overall integrity and ethical conduct of the organisation.
Elements of an effective internal control system
The Committee of Sponsoring Organisations of the Treadway Commission (COSO) defines an effective internal control system as having five (5) interrelated components, and they are Control Environment, Risk Assessment, Accounting Information system, Management Controls and Control Procedures.
Every organisation must have the following elements in its system. The five components work together to form a comprehensive internal control framework designed to provide reasonable assurance regarding the achievement of an organisation’s objectives related to operations, reporting and compliance.
Each of these elements is essential and contributes to a robust internal control environment.
Control Environment: The control environment refers to managers or board of directors or leaders, those charged with corporate governance or what is known as the tone at the top. Good leaders must set the example.
Good managers set the tone of an organisation, they influence the consciousness of their workers regarding the importance of internal control.
Managers set the overall attitude or culture, awareness, and actions of all employees regarding the significance of control and its role in the organisation.
A strong control environment is characterised by a commitment to integrity and ethical values, management’s philosophy and operating style, the organisational structure, the assignment of authority and responsibility and the human resource policies and practices.
Successful business do not sit and relax. They assess and react to risks before they are attacked. Risk assessment involves the identification and analysis of relevant risks to the achievement of the organisation’s objectives. It includes considering the potential impact of risks on the organisation’s goals and the likelihood of their occurrence.
An effective risk assessment process helps an organisation to prioritise and respond to risks in a manner that is consistent with its risk appetite and tolerance levels. It is a critical component in ensuring that a company is adequately prepared to manage potential challenges.
Accounting Information System:
Every business should have a computer to collect, process and summaries financial information for management decision making and other authorised individuals. Every organisation should have an accounting information system that includes information technology infrastructure, data quality and the procedures used to initiate, record, process and report the organisation’s transactions and maintaining accountability for related assets. An effective accounting information system facilitates quick decision making.
It involves ongoing management and supervisory activities, separate evaluations, or a combination of both. Management and the board have an ongoing responsibility to ensure that each of the other components of internal control is present and functioning properly. Management controls also ensures that necessary corrective actions are taken.
Control procedures are the policies and procedures established and executed to ensure that management directives are carried out. They include a range of activities such as approvals, authorisations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
These procedures are designed to provide reasonable assurance that the control objectives are met and that the organisation’s operations are effective and efficient. These control procedures are summarised by the word SPAMSOAP
Segregation of Duties: Segregation of duties is a fundamental concept in internal control that helps prevent fraud and errors. It involves dividing key tasks and responsibilities among different individuals or departments to prevent any single person from having too much control over any one aspect of a process. This control helps ensure that no single individual has the ability to perpetrate and conceal fraudulent or erroneous activities.
Physical Access Control: Physical access control refers to measures put in place to restrict or monitor access to physical areas and assets within an organisation. This can include measures such as locked doors, access badges, security guards, biometric scanners and surveillance systems to ensure that only authorised individuals have access to specific areas or resources.
Monitoring Controls: Monitoring controls are put in place to oversee and review the operations and activities of an organisation. This can include regular reviews, audits and surveillance mechanisms to identify any irregularities, deviations from expected standards, or policy violations.
Supervisory Controls: Supervisory controls are designed to provide oversight and guidance to employees as they carry out their duties. They involve mechanisms such as approvals, reviews and checkpoints to ensure that tasks are carried out in accordance with established procedures and policies.
Accounting Controls: Accounting controls are procedures and policies established to ensure the accuracy, completeness and reliability of an organisation’s financial and accounting information. This can include measures such as reconciliation processes, approval authorities and controls to prevent and detect fraud.
Organisational Controls: Organisational controls encompass the broader framework of policies, procedures and structures that guide and regulate the conduct of individuals and processes within an organisation. They set the tone for the organisation’s ethical and operational standards, and help ensure that everyone is working towards common goals.
Personnel Controls: Personnel controls relate to the management and oversight of the individuals within an organisation. This can include measures such as background checks, training programmes, and performance evaluations to ensure that employees are qualified, competent and adhere to organisational standards.
NB Please note that all the above noted controls work together to create a comprehensive system that helps safeguard an organisation’s assets, ensure the accuracy and reliability of its financial information, and promote operational efficiency and ethical conduct. Different types of controls may be more or less important depending on the specific requirements and risks of an organisation’s operations.
The internal controls play five important roles within a business
Fraud Prevention and Detection: Internal controls act as a shield against fraudulent activities within an organisation. By implementing segregation of duties, regular audits, and effective monitoring mechanisms, businesses can deter and detect fraudulent behaviour. These controls reduce the opportunities and temptations for employees to engage in dishonest practices, thereby safeguarding the company’s reputation and financial well-being.
Accurate Financial Reporting: Accurate financial reporting is crucial for organisations, shareholders, and stakeholders. Internal controls play a vital role in ensuring the reliability and integrity of financial reporting processes. By implementing sound internal controls, such as reconciliations, documentation, and verification procedures, businesses can minimise the risk of errors, misstatements, and omissions.
This, in turn, enhances the confidence of investors, lenders, and the general public in the company’s financial statements.
Operational Efficiency: Efficient operations are the backbone of any successful business. Internal controls streamline processes, minimise redundancies, and enhance productivity. By clearly defining roles and responsibilities, establishing standardised procedures, and leveraging technological tools, businesses can optimise their operations, reduce operational risks, and improve overall efficiency. Internal controls empower organisations to identify bottlenecks, optimise resource allocation, and make informed decisions to achieve their strategic goals.
Compliance with Laws and Regulations: In today’s increasingly complex regulatory environment, businesses must ensure compliance with numerous laws and regulations, such as data protection, anti-money laundering, and tax regulations. Internal controls help organisations establish checks and balances to comply with applicable laws, reducing the risk of penalties, legal disputes and reputational damage. By constantly monitoring and modifying internal controls, businesses can adapt swiftly to regulatory changes, ensuring ongoing compliance.
Safeguarding Assets: Efficient internal controls assist the company to protect its tangible and intangible assets from theft, misuse, or damage. By implementing measures such as access controls, asset tracking and regular physical inventories, businesses can safeguard their resources. This protection not only preserves the company’s financial stability but also promotes trust among investors, creditors and clients.
All businesses of whatever size should not overlook the role of internal controls. From fraud prevention and accurate financial reporting to operational efficiency and compliance, internal controls form the foundation of a resilient and well-governed organisation. By prioritising and continually evaluating the effectiveness of internal controls, businesses can minimise risks, enhance stakeholder trust, and enable sustainable growth in an ever-evolving business landscape.
Retired Major Silibaziso Zhou is a senior lecturer at Great Zimbabwe University and has the following academic accolades; (PAAB, FACCA, FCGI, MBA, MCOM ACC.B.TECH ACC and FORENSIC AUDITOR).