How to Connect Internal Control Processes to a Client’s Objectives
Internal control consulting clients want to know the opportunity costs of developing and implementing internal control processes. They want to be convinced why their hard-earned money should be diverted to processes instead of business expansion. In addition, they want to know the prolific value they will earn from making such an investment.
A client needs to know how the internal control process affects their value creation. And connecting the internal control process to their company’s mission and objective is a great way to help them see the benefits of strong internal control processes.
Don’t assume that every executive you meet knows what internal control process is. COSO’s Internal Control — Integrated Framework has an executive summary that you can use to better educate your clients. But, for the sake of this blog, internal control is an ongoing process effected by those charged in governance to ensure that:
- Operations are efficient and effective
- Financial reports are reliable
- Entities are complying with laws and regulations
These three fundamental objectives can be broken down further to ensure that your clients understand the importance of developing internal control systems. For example, the first objective, operations effectiveness and efficiency, is more connected to your client’s basic business objective. It includes their profitability, operations performance and safeguarding of company resources.
Help them understand that strong internal control systems are fundamental in creating value and for the bottom line. Weak controls create opportunities for asset misappropriation, theft, fraud and corruption.
Let me explain how a weak internal control can affect the profitability of a client’s business.
The following example is a true story of asset misappropriation, but the names of the company and the perpetrator are withheld for privacy and legal reasons.
Jim was the operations director in company A. He was responsible for all company purchases related to operations and administration. He was also a member of senior management and reported directly to the company’s president. Jim was not only loyal, but also a trusted executive. His corporate-issued card had a large spending limit. And to prevent raising any red flags, he turned in his receipts and expense reports to the accounting department on time.
As director of operations, Jim was responsible for procuring operations goods and services, making payments using the corporate credit card and approving his credit card transactions. The company’s lack of adequate control policies enabled him to charge personal expenses to the corporate card. He stole about $50,000 in a span of five years.
Two issues arise from this example: One, the amount Jim stole from the company could have improved the company’s profitability, had the company developed, implemented and monitored strong internal controls such as segregation of duties and proper oversight. Two, the odd truth was that the auditors did not discover this fraud for the five years they audited the company’s books. Surprisingly, it would have continued if not for a staff member who tipped off the accounting department.
The fraud triangle, as explained by the Association of Certified Fraud Examiners, names the three factors that makes someone like Jim commit fraud. These factors are pressure, perceived opportunity and rationalization.
Lack of control policies, one of the five components of internal control, created an opportunity for Jim to steal from his employer. He was also able to rationalize that he would not be caught because no one had oversight over his credit card expenses. Jim was also able to maintain a great working relationship with the accounting department: He turned his expense reports in on time and volunteered to help his boss to do the same. In his defense, Jim said he stole because he was the least paid member of senior management, and he did it to make him feel even.
Let your clients understand that cases like Jim’s are not rare, but rather, very common. Lack of strong internal control and a proper monitoring mechanism creates the opportunity for fraud and/or error to occur. If no one, or a group of people, is assessing risks and opportunities, their company’s mission and objective might be at risk.
To learn more about NjengaCPA’s internal control consulting services, visit our website at www.mercynjengacpa.com.