Internal controls are an important yet very much challenging part of an organisation. In a recent post by Diligent, the company outlined five key components of internal controls.
A previous survey by the Association of Chartered Certified Accountants found that 41% of respondents said technological advances made it difficult to maintain existing controls, while 32% reported the lack of emphasis on internal controls made internal controls management more difficult.
The first key component of internal controls is the control environment. According to Diligent, the control environment refers to the overall culture of compliance.
The firm said, “If executive and management teams disregard existing controls, employees will likely follow suit. Over time, this can create vulnerabilities across the system. Compliance can also happen from the bottom up since audit teams can use their data to make a business case for cyber risk management.”
Risk assessments were the second key component highlighted. Diligent remarked, “To effectively manage risk, organizations need to identify their potential risks, then implement internal controls to mitigate them. Accounting teams should have an always-on approach to monitoring since new risks can surface without warning. The teams should then deliver audit reports to the board to surface any new risks.”
Control activities were the third component, with Diligent defining control activities as ensuring proper controls are in place and using accounting systems and automation to verify controls as functioning as intended. This the company claims, can include regular controls testing or inventory audits, all of which should follow an internal audit strategy.
The fourth component is that of information and communication. Diligent explained, “Knowledge is power. Communicating with management about any lapses in internal controls is the best way to mitigate risks quickly. Though audit teams likely have hundreds or even thousands of data points, taking a proactive approach to enterprise risk management is essential.”
The last cited component is that of monitoring. Audit teams, Diligent states, should monitor controls on an ongoing basis. Doing so ensures they’ll be able to identify when controls are functioning properly and when there are potential lapses in the internal controls system.
Diligent concluded, “The five components of internal controls may seem like they’re the business of only the accounting and audit teams. In reality, every member of an organization should understand and support the internal controls system. Without internal controls and the teams supporting them, organizations could face major breaches, compromising their reputation and bottom line.”
Read the full post here.
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst