Immunising Your Internal Control Environment

Immunisation needle up close held by doctor with purple gloves on backgroud blurred
immunise your business needle being held by hands with purple cloves on. background of dr blurred

Immunise by ongoing analysis

Organisations need to continually analyse the design and operating effectiveness of controls in each relevant financial period. The impact of COVID-19 has necessitated organisations to revise existing internal controls or implement new ones.  For example, has there been:

  • A breakdown in review and oversight controls;
  • Key individuals with responsibility to undertake control duties have been unable to do so due to illness or suspension of operations or workplace closure; or
  • A necessity to automate or “computerise” existing manual or paper-based controls.

Whose role is it?

Whether you are a Board, Committee, or member of management, you have a responsibility to participate in the functioning of an effective internal control environment. Accordingly you should reflect on and consider redesigning controls and processes to compensate for the challenges presented by COVID-19. This includes:

  • Prompt, accurate and secure methods to transmit data and supporting documentation to facilitate review and authorisation;
  • Where possible, utilising existing IT-capability to demonstrate a segregation of duties between key business-processes (i.e. initiation, authorisation, review, approval and disbursement).
  • Exploiting inbuilt capabilities of off-the-shelf and cloud software to restrict modification as well as demonstrate a clear audit trail.
  • Adhering to IT best-practice, including regularly changing passwords and being “cyber-aware”.

Organisations should also consider financial reporting processes and fraud risk exposures arising from COVID-19. This includes:

  • Management’s ability to promptly complete its management and financial reporting processes. For example, delays in “closing-off” each month or the year-end may increase the potential for error. Likewise, it may also highlight a deficiency in the operation of an existing control or absence of a key control.
  • Controls related to the selection and application of key accounting policies and requisite disclosure in the financial report. This also includes other necessary compliance-related documents, such as BASs.
  • Security and access to physical assets. For example, ensuring premises are locked, alarmed and patrolled; unused motor vehicles are secured or are offsite in possession of a responsible person.
  • Regular review of transactions relating to debit and credit cards, as well as monitoring the increase (or resurgence) in online transactions. This includes the provision of supporting documentation for all transactions as well as following appropriate initiation, review and approval protocols.

Ask for help

If you feel you may be facing any issues with your internal control environment in the future, or you are aware that you need to make changes now, we encourage you to speak with our team.  We can help you review your current practices, identify the areas which need the focus of your attention and make insightful recommendations. We are here to help!

Contact us via the form below if this article raises any questions or you would like to take up the offer of a complimentary phone conversation to discuss how we can help you.

 

This publication contains general information only and is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services.   Before making any decision or taking any action that may affect your business, you should consult with your Bishop Collins Group relationship manager or your qualified professional advisor.