Ten top tips : Keeping things under control

A board’s role is to ensure its organisation has an effective framework for corporate governance. Management controls are key part of this framework and the board turns to management for the effective operation of these controls. Therefore management needs to be in control of the business – and be able to prove it to directors! Here are 10 tips to help:

1) Report to the top Prove to the board that you have the business under control. An effective board will want evidence the controls exist and are effective without them having to stray into the operations of the business. Timely, regular and effective communication on the status of internal control in the business will provide the board the comfort it should be demanding.

2) Insist on formality and numbers In many companies controls are informal. As consequence, controls may not be known or adhered to, or may not be accomplishing their objectives. ‘gut feel’ that your business is okay should not cut it.
In governance framework I implemented in Fortune 500 company, the CFO and CEO had to attest to the board that the group’s financial statements could be replied upon and provide the metrics to justify their position. So metrics and attestations were obtained from the smallest business units across the world and amalgamated with other business units up the organisational chart. The data was assessed at group level and decision on the integrity and accuracy of the general ledger could be made. What’s more, the information collected helped inform future decision-making.

3) Set the tone The ‘tone from the top’ must be clear and communicated. If it is not, then internal controls will be given little respect. In addition, management should ‘walk the talk’ and be conscientious in adhering to policies.

4) Identify hot spots Analyse your business to identify risks. These risks may be financial or operational and failure to act could result in monetary or reputational damage.

5) Document your processes Management should ensure the key processes are identified from an inherent risk perspective, and documented. vital part of this will include description of the controls bolted into the process, as well as evidence kept as to the effectiveness of their operation. Process and control documentation should be incorporated into the operational manual for the business. This can also serve as an effective means of training new staff and ensuring succession within job roles. Documenting who and when someone can circumvent the process – and capturing the information when this happens, regardless of who it is – is also important. Most major fraud is committed by someone in position of trust.

6) Protect don’t just detect An effective governance framework ensures controls are in place with the aim of preventing things from going wrong, as well as detecting when they have.

7) Put controls around your electronic information Adequate controls over IT systems, both hardware and software, are key to safeguarding company assets and the integrity of business information. Ensure that those spreadsheets you rely on are checked to ensure they are doing what they should be. Make sure that any changes are made in controlled and authorised environment. Put security measures in place so that the appropriate people are seeing, changing and copying the appropriate information.
PricewaterhouseCoopers’ investigations and forensic services team says 90 to 95 percent of all records are now originated and stored on computers and the theft of intellectual property is becoming easier and more widespread. They advise having forensic plan that details what you would do in the situation of fraud or theft perpetrated by electronic means. Failure to have such plan could result in damage to the ability of the business to successfully prove wrongdoing.

8) Identify the change triggers All businesses are subject to changing environment, from changing financial reporting standards, to new packaging information requirements or information on currency exposures. Identify sources or triggers of change and put in place system to monitor them and keep abreast of developments. Ensure all changes are evaluated for impact and signed off prior to implementation.

9) Listen to your staff Staff see the detail and often pick up on irregularities sometimes without knowing exactly what they might mean. Have an established procedure for any control issues, or better yet, an independent third party where ‘whistle-blowers’ can turn and where action is guaranteed to result.

10) Stitch the governance framework into the company fabric Finally, but probably most importantly, controls can’t simply be something tacked onto company’s operations. They must be stitched or interwoven into the fabric of the business. By doing so, controls will be more effective, the business will avoid harmful consequences, and the value of the business will appreciate. Failure to do so will mean that benefit is limited, reliability decreases and control is potentially lost.

Mark Kingsford is director in the private client services division of PricewaterhouseCoopers (www.pwc.co.nz specialising in corporate governance and general accounting and business advice.

Visited 27 times, 1 visit(s) today

A focus on culture

Rabobank’s 520-plus New Zealand employees work from 27 locations – places like Ashburton, Pukekohe and Feilding and from a purpose-built head office in Hamilton. Its employees are proud of the

Read More »
Close Search Window