Who pays the burden of poor internal controls?
Internal controls related issues pop up in all areas of present-day companies.
I can easily remember the first times I came across bank statements, credit card receipts (back in the days when they were carbon-copied slips). A world of disconnected information, but which somehow needed to be controlled in order to avoid double payments or even customer lack of financial control.
Memories aside, technology is ubiquitous nowadays, literally available at our fingertips. The number of operations and transactions nowadays hits millions per hour – possibly even billions! The world is no longer in the hands of credit card imprinters; though the widespread development of technology and the internet of things may bring comfort and access, it also increases the risk of lack of control, whether caused by lack of knowledge on the increasing complexity of transactions, or by lack of time – in other words, by lack of investment.
Every business needs internal control to project its financial or physical assets. Resistance is nevertheless one of the greatest challenges on the implementation of efficient internal control systems. Many claim such systems are bureaucratic processes holding back business, though scandals and multi-million dollar losses are increasingly featured on the news.
Once duly structured, controls immediately reveal any anomalies, and provide management and interested parties with indications on the existence of frauds, misuse or losses.
Having worked as an auditor and consultant in different fields, organizational structures and corporate governance levels for over twenty years, I have often run into outdated, forgotten or even inexistent versions of one of the main controls all companies should implement: reconciliation.
Management’s failure to immediately reconcile transactions is truly a huge mistake; this control is often left aside and one does not realize how it is the doorway to confusion, business progress-related problems or perpetration of frauds.
The purpose of having a strong internal controls system is to mitigate the risks to which organizations are exposed in the course of their activities, thereby offering extensive protection for the shareholder’s investments. Much like technology has increased risk exposure, considering the volumes and transactions connected to the complexity thereof, it has also allowed for reconciliation, which was once a manual and time-consuming function, to have become a smart and automatic, high added value internal control.
São Paulo, January 2019.