Companies are required to create internal control framework to ensure that things are working. Company while creating internal control framework want to have number of control as less as possible to ensure that they don’t get red flagged in reviews.
Auditors are required to certify that internal controls are working. Auditors while reviewing controls want to have as many as possible internal control to ensure that they don’t face the shareholders lawsuits or regulatory penal action in case of any incidents.
How to balance these two conflicting priorities?
Company can define top controls for every areas. Major areas are listed below:
- Governance: Essential policies, their communication and adherence, dual signatory, grandfather provisions, Ethics related policies and company’s standpoint.
- Contracts: Standard terms, Companies standpoint on clauses, Contract negotiation and contract monitoring
- Revenue, invoicing and collection related controls and monitoring
- Payroll related controls and monitoring
- Procurement related controls and monitoring
- Compliance related control and monitoring
- HSE (Health safety and environment) related controls and monitoring
- IT related control and monitoring
- Period end related controls and monitoring
- Risk management related controls and monitoring
- Leadership, Business continuity related controls and monitoring
This list is not comprehensive, but can be a good start.
It is very important to ensure that for every function (or every important function) to have
- Plan : Policies,
- Do : Procedures to follow policies
- Check : Records to ensure actions are recorded and
- Act : Review/ monitoring to ensure one is on the right path.
Remember that If, as a company, you are not defining controls then auditors would be defining controls for company.
I have added this link to help reader in implementing ICF.
http://www.slideshare.net/manojbagarwal/icai-dec-30-2012-internal-control-and-csa
Call for action:
Inputs/ comments/ suggestion: I welcome inputs/ comments / suggestions from readers on how to approach this issue. Feel free to correct me, educate me.
Share the Article: If you like it, share it. If you share it with others, and they comment, we all will get more learned.
(Disclaimer: The views expressed constitute the opinion of the author and the author alone; they do not represent the views and opinions of the author ’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the author is, or has been a part of.)