São Paulo, January 2019.
Who pays the burden of poor internal controls?
I can easily remember the first times I came across bank statements, credit card receipts (back in the days when they were carbon-copied slips), checkbooks which took up 60% of one’s wallet, a world of completely disconnected information, but which somehow needed to be controlled in order to avoid double payments and even the customer lack of financial control.
Memories aside, technology is ubiquitous nowadays, literally available at our fingertips. The number of operations and transactions nowadays hits millions per hour – possibly even billions! The world is no longer in the hands of credit card imprinters; though the widespread development of technology and the internet of things may bring comfort and access, it also increases the risk of lack of control, whether caused by lack of knowledge on the increasing complexity of transactions, or by lack of time – in other words, by lack of investment.
Internal control-related issues pop up in all areas of present-day companies, and every business needs internal control to project its financial or physical assets. Resistance is nevertheless one of the greatest challenges on the implementation of efficient internal control systems. Many claim such systems are bureaucratic processes holding back business, though scandals and multi-million dollar losses are increasingly featured on the news.
Once duly structured, controls immediately reveal any anomalies, and provide management and other interested parties with indications on the existence of frauds, misuse or losses, irrespective if still minor.
Having worked as an auditor and consultant in different fields, organizational structures and corporate governance levels for over twenty years, I have often run into outdated, forgotten or even inexistent versions of one of the main controls all companies should implement: reconciliation.
Management’s failure to immediately reconcile transactions is truly a huge mistake; this control is often left aside and one does not realize how it is the doorway to confusion, a hideout for any progress-related problems in business and even for the perpetration of frauds.
The purpose of having a strong internal controls system is to mitigate the risks to which organizations are exposed in the course of their activities, thereby offering extensive protection for the shareholder’s investments. Much like technology has increased risk exposure, considering the volumes and transactions connected to the complexity thereof, it has also allowed for reconciliation, which was once a manual and time-consuming function, to have become a smart and automatic, high added value internal control.