Establishing and Maintaining Effective Internal Controls
Posted on Monday, January 15, 2018 Share
Your company needs an effective internal control environment to prevent losses from mismanagement, theft, fraud, corruption, and embezzlement. Establishing a good atmosphere starts at the top by making sure the leaders of your organization demonstrate integrity through their actions, follow ethical business practices, manage proactively, and pay attention to details.
Here are some questions to ask in four key areas when evaluating your company's current internal control environment:
1. Basic Internal Control
Are the duties of your company's management and rank-and-file employees segregated to prevent financial fraud and cover ups? For example, does the person who handles revenue or opens the mail also handle disbursements?
Are the members of the board of directors independent from management?
Is the audit committee independent from management?
Is your company's computer system adequately protected against unauthorized access by employees and outsiders?
Does your company have a written conflict-of-interest policy that prohibits employees from accepting gifts from customers and vendors?
2. Risk Assessment Procedures
Are there mechanisms in place to identify potential business risks such as employee theft of inventory or trade secrets, kickbacks, bank or insurance fraud and embezzlement? Do the identification mechanisms keep pace with inevitable changes?
Are both internal risk factors (involving management and employees) and external risk factors taken into account? (External fraud involves theft or the improper use of resources by those outside the firm including vendors and customers.)
Are risk management objectives and procedures appropriately communicated to owners, managers, and rank-and-file employees?
Are objectives and procedures updated often?
3. Information Gathering and Monitoring
Are your employees encouraged to communicate with management - both orally and in writing -- about perceived internal control inadequacies? Is there a way to report suspicious activity anonymously?
Is there a formal procedure for employees to raise red flags about suspected serious improprieties?
Have vendors and suppliers been given a written policy statement regarding prohibited gifts and kickbacks, as well as a company contact to notify if an employee indicates a willingness to break the rules?
Are employees regularly trained and tested on internal control procedures?
Does your company's board of directors and its audit committee regularly address internal control issues as part of their duties?
4. Follow-Through Questions
Does your company have procedures in place to ensure appropriate management follow-up when perceived internal control deficiencies are identified by employees, vendors, or customers?
Does your company have policies, rules and procedures that let employees know in no uncertain terms that fraud or other unethical behavior will not be tolerated?
When fraud occurs, does your company deal with it immediately by terminating the offender and, if appropriate, turning the incident over to law enforcement authorities? Or do you try to "keep it quiet," which can send a message that crime pays at your company?
These are just some of the questions to ask in assessing your company's current internal controls environment. You will need professional assistance to address some of these issues. Naturally, there's always room for improvement because the factors that affect internal controls change constantly.
Posted in Fraud & Forensics Group
Disclaimer: The information contained in Dulin, Ward & DeWald’s blog is provided for general educational purposes only and should not be construed as financial or legal advice on any subject matter. Before taking any action based on this information, we strongly encourage you to consult competent legal, accounting or other professional advice about your specific situation. Questions on blog posts may be submitted to your DWD representative.