Internal control and the management agenda
Internal Control is a topic which always is on the agenda of (senior) management. It is common sense that addressing this topic effectively facilitates organizational performance and gives room to focus more on clients and value creation. However, in many cases organizing this effectively is a challenge and opportunity. This is reinforced by the current changing way how digital transformation has evolved in many industries, business models and how this has been embedded in organizational processes, risks and controls that support organizational goals.
While in the past static processes and controls were sufficient, current business and organizational environments demand a different approach and role.
What is Internal Control?
Internal Control can relate to financial and non-financial related areas. In all cases below attributes apply. Internal Control:
- Is a structured process
- Supports in realizing organization objectives
- Assures reliable reporting and related compliance
- Addresses Risks
- Applies to every organization!
For illustration purposes, a typical example of areas in scope for internal control when focusing on financial reporting which apply to almost every organization are:
- Sales and accounts receivable
- Cash management and banking
- Inventory and supply chain
- Purchases and accounts payable
- Payroll and human resources
- Financial statement closing and reporting
These are dictated by systems in use, related general IT and application controls, organization structure, roles, responsibilities, processes, analytics focusing on risks/opportunities etc.
Requirement for effective internal control
A main requirement to organize Internal Control is to address below building blocks:
When addressing above building blocks, aligning with the organizational strategy is a main driver. No value is created by implementing structures and processing related attributes when not fully linking this with strategy, management commitment and systems/automation used.
To secure alignment with the organizational strategy, Internal control typically can play a key role as presented in below overview:
Purpose of this governance model is not minimizing risk which would hinder business activities but an optimized risk/return.
Internal control can be the key player in the ‘second line of defense’ and can take the position to lead efficient and effective management focus on risks in realizing organization objectives with focus on reliable financial reporting and related compliance.
A recent study in the Journal of Accounting Literature (Volume 42, June 2019, Pages 80-103) also provides broad insight in the high relevance of internal control to stakeholders including investors, creditors, managers, auditors and financial analysts. Also evidence concerning the positive association between audit committee characteristics and internal control quality, supports the call for organizing this effectively with clear focus on organizational objectives and faster changing business models.
Future focus and priorities
Focus for organizing effective internal control should be securing continuous streamlined business processes, clear link to data and their (digital) origin, integration with compliance areas to prevent duplication. This will lead to transparency and visibility.
The 3 main priorities for organizing internal control are:
- Embed digital in organizational processes, risks and controls that support organizational goals.
- Take the lead in aligning the frameworks to the organizational/business objectives
- Organize a standardized approach for both financial as non-financial internal control clearly defining empowering roles.
Always with focus on supporting organizational and business goals!
Managing Consultant Risk and Compliance