Major mistakes ininternal control
The following article was written by our colleague Mirka Šimková from our office in Piešťany and it will focus on the biggest mistakes you can make in the internal control.
In the next article, we will cover the biggest mistakes we can make in internal control. Each company has a system of different activities in place and a large part of them are implemented in the business of the company for profit. Across all these activities, the company should put in place an internal control system to ensure the smooth running of individual activities and create a strong control environment where there are neither opportunities nor incentives for fraud.
Fraud may involve property damage such as theft, embezzlement, misconduct, resulting in damage to reputation of the company, misrepresentation of the financial results of the company presented to the public or towards the companies in the group. For this reason, it is very important to set up the internal control system correctly. Setting up requires time, optimization and adaptation over time. It is also a good tool for business owners to properly manage and direct a business, as they cannot control every activity in the company. These procedures need to be written into a system of internal directives to inform individual employees of their responsibilities. Even in companies where there are few employees it is possible to set up a quality system of controls that can prevent mistake or fraud in the company.
The biggest errors in internal controls are incorrectly defined internal controls. E. g. when the invoices received by the Head of Department are checked, the rules on the threshold are not clearly defined or something is left to the individual staff to assess. It is always important to establish clear ruler for each control – the value limits ir the division of competences, document this control and then evaluate any inconsistencies.
For controls where third-party controls are in place, e. g. when it is necessary to receive the confirmation of the customer that the delivery has been accepted and the price agrees, it is a frequent phenomenon that the carriers do not hand over all these, not all get to business cases. In case of incompleteness, internal control no longer works and may provide scope for fraud.
When the system checks are set up – the automatic checks that are most reliable, various incorrect settings may result. Properly, these automatic checks should be used, in particular, for re-ordering orders and receipts and invoices – thus avoiding discrepancies between these individual documents that affect accounting. In case of irregularity, the system evaluates them as s deviation and an analysis and evaluation of the problem is already needed.
Insufficient division of competences is a common problem. Where possible, it should be ensured to approve the invoice and at the same time to pay it by one person, i. e. to ensure a control of minimum of four eyes. Set at least two competent persons for the approval and singing of bank transfer.
Similarly, the recording and approval of accounting cases should be separate. This points to the need to set up multi-level approval of transactions, particularly in the area of buying and selling transactions – at least from the set threshold. The basic feature of the division of power is that no employee or group of employees has sole control over any transaction or group of transactions. Also, control over the processing of transactions should not be exercised by the person responsible for recording or reporting such transactions.
It is very important to properly secure the IT environment, correct access settings, password changes, backup, data protection against misuse from the external environment. Failure to set procedures incorrectly results in failure at the outset and is a source of error and fraud. It is important to allocate competences for individual areas in the IT area, to which only competent persons have access. Only executives who take responsibility for their actions, also contractually, should have access to all areas.
There is currently no control points to inspect the internal control system that can check and evaluate or fine for an incorrectly set up internal control system. Only the consequences of the failure of the internal control process, which will manifest themselves in individual areas of accounting and the functioning of the company, are evident in the controls by the tax authorities.
The audit of the company’s internal control system is mainly dealt with by the auditor in the performance of the audit, where this obligation arises from international auditing standards. Based on his/her evaluation, the auditor may rely on these controls as a part of his/her activities, or may suggest a company to optimize and improve the internal control system, which is of great benefit to these companies. Therefore, we will be happy to assist you in setting up or verifying the settings of your internal control system. You can contact us at one of our offices in Bratislava or Piešťany. More information can be found on our website and facebook page.