Here are 7 ways to build smart internal controls to contain economic crime

are 7 ways to build smart internal controls to contain economic crimeManagement and stakeholders of different organizations are coming up with many smart programmes to deal with economic crime, which still remains a major concern. There are internal controls to safeguard the interest of investors and other stakeholders who rely on published financial statements.

To check frauds, there is a business process internal control, which is broadly defined as a process implemented by an entity's board of trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives of reliability of financial reporting and preventing any frauds.

The stakeholders are not only responsible for maintaining internal controls systems but also have to put in intelligent controls, which can greatly help in identifying, reducing and preventing any process inefficiencies and financial frauds.

But, investors are paying a heavy price for the systems and control failures.

Here are some smart internal controls through which you can build up an efficient system


Surprise elements
The internal control has to have a surprise element built in it, right from designing to execution to coverage. The regular verification methods are to be done away with. For example, changing the control checkers at frequent intervals, direct exception reporting to management, and taking up new areas which may have been overlooked previously for controls testing.

Risk based approach
The designing and implementation of controls should be on the basis of risk analysis. If the risk is high, more extensive controls have to be put in. For example, if the value of stock is high, the stock verification should be done more frequently and extensively and insurance of stock should be made mandatory against any losses from natural calamities, theft etc.

Pattern analysis
As the businesses grow in size, the volume of data becomes tougher to manage. The traditional sampling methods are neither scientific nor logical for performing internal controls. With the development of the new IT tools, business intelligence, data analytics it becomes easier to study the patterns and unusual relationships between the current and past data. This can help in focusing on the relevant transactions instead of wasting time and resources on irrelevant things.

Process efficiency/ Improvement
The internal controls should be aimed at streamlining the business processes. Process re-engineering will help the organization to do the business in a better way by eliminating non-value added activities and will optimize end- to-end processes. Hence, the process owners should be informed of the deficiencies in the current process and the focus should always be on the process improvements.

The internal controls will become outdated and irrelevant in the wake of technological changes and changes in the business process. The controls should be validated at regular intervals so that it becomes relevant and valid. For example, if the Purchase Order approval process is manually checked earlier, but due to process change it is now taken care of by the release strategy, the focus will be on to find out the approval workflow concepts and authorizations of the persons releasing the Purchase Orders. It can be presumed that there is no Purchase orders released to suppliers without Approvals.

Cost Benefit Analysis
The benefits of implementing controls should justify cost. This means that the elimination of unnecessary controls is very much required. The materiality of the transaction has to be understood. There is no need to control extensively for some transactions, expenses or assets if the value of such expense/assets/transaction is immaterial or negligible.

Follow up action
As seen in many instances, the focus is to only identify issues, report and leave it. And the issue is again opened and reported in the next period. But once any inconsistencies/issues have been identified, there should be a responsible person, who will take action to correct it within a given deadline. The status of the same should be reported to the management on a regular basis.

(The author of this article is Suchith Bose, an accredited Chartered Accountant, Robert Bosch Engineering and Business Solutions)

(Image: Thinkstock)