Are Your Internal Controls Working For You?

You have worked long and hard at building your business. You know the risks you face, and you want to protect yourself, your company and your employees against it. You are aware that you need to actively manage business, process, financial and fraud risks that may prevent you from achieving your objectives. You have heard about the red flags of fraud, the need for a code of conduct, why governance, risk management and compliance (GRC) are important.

Depending on your type of business, you may have to answer to your Board of Directors and Audit Committee, who are tasked with exercising oversight, to ensure greater levels of informed decision making. You have taken steps to implement the necessary safeguards, but are they working for you?

Back to basics

Take some time to reflect on your business and how far you have come. Then, consider whether you still have the basics in place:

  1. Do you have formal documented policies, procedures and processes in place that supports your business in creating value over time? Have these been updated for changes in the business landscape?
  2. Have you communicated these to your employees – are they engaged in following these? Do they know why internal controls are important and that each person has a role to play?
  3. Have you assessed or (re-assessed) the risks faced in your various business processes and by the organization as a whole?
  4. Have you designed and implemented controls to mitigate against these risks? Do you have basic controls such as segregation of duties, verifications, reconciliations, and authorisations in place? What are you doing to safeguard your assets? Do you have sufficient management review over transactions and business activities? As risks change, so your internal controls should be adapted as well.
  5. If you have designed and implemented controls, how do you know that they are working? Do you get any independent assurance from your internal audit function? If so, what are they reporting?

How internal control weaknesses can contribute to fraud

Implementing controls to prevent and detect fraud, is a necessary part of managing fraud risk. In the Association of Certified Fraud Examiners’ (ACFE) 2020 Report to the Nations, it was noted that four anti-fraud controls were associated with a 50% or greater reduction in both fraud losses and the duration of the fraud. These included:

  • A code of conduct
  • An Internal Audit Department
  • Management’s certification of the Financial Statements and
  • Regular Management Review over processes, accounts, and transactions.

Despite having internal controls in place, weaknesses in such controls opened the gap for fraudsters to exploit them. The primary internal control weaknesses that exposed organizations to fraud were:

  • A lack of internal controls
  • Management override over existing controls
  • A lack of management review and
  • Poor tone at the top.

Other control weaknesses included lack of clear lines of authority, insufficient employee awareness and education on fraud, lack of independent audits and lack of competent personnel in oversight roles. It was further found that smaller organizations are more likely to lack internal controls while larger organizations are more prone to management overriding internal controls.

The value of Internal Auditing

While you know your business, your Internal Auditor can help you by providing you with a fresh perspective. Internal Auditors are partners to business owners and management, focussed on helping to increase the chances of your organization achieving its strategic and business objectives. We do this through independently assessing your systems of governance, risk management and internal controls.

Internal Auditing is not only there for big business. At GrowthSmiths, our aim is to bring internal auditing solutions within reach of all businesses, no matter their size. Providing you with bite-sized solutions, we have a team of professionals who are there to help you ensure that you have the basics in place, and that your internal controls are working for you.

This article was written by Tania Knoetze, Service Line Leader for Internal Audit.

Find Tania’s service here: