Internal controls are a key way for businesses to prevent fraud. In recent years there have been a number of high-profile cases of companies and charities being targeted by fraudsters, both internal and external to those organisations. However, what is less well publicised is the value of wealth that is lost simply as a result of poor internal controls and badly designed systems.
Internal controls are the methods by which management aims to protect the assets of the business and ensure that systems for processing transactions are effective and efficient.
Who is responsible for internal controls?
Many companies see a review of their internal controls and systems as simply being a part of the function performed by their external auditor. They therefore assume this will be achieved simply by meeting their statutory obligation to appoint an external auditor. However, this displays a fundamental misunderstanding of the role of the external auditor. The business itself is responsible for its internal controls and therefore ensuring a thorough review takes place.
External auditors are responsible for reporting on the financial statements, which includes assessing the risk of material misstatement of the financial statements as a result of fraud or error.
The external auditor is not responsible for identifying all fraud that may have occurred during the year or finding every inefficiency or ineffectiveness prevalent in internal controls. Given that the audit process is retrospective and does not entail the testing of all transactions in the period, this would be impossible.
How a review of internal controls can help a business
We live in an age in which technology allows us access to numerous methods of decreasing financial costs, reducing time cost, and providing added peace of mind. Directors and trustees have a responsibility to ensure that they are utilising all tools available to them to maximise income and profit, whilst safeguarding their assets.
A review of internal controls and systems can help to ensure that this is being achieved. Furthermore, a rolling review of internal controls and systems can ensure that opportunities are identified and issues resolved before significant problems arise.
In our experience of advising small and medium sized entities (SMEs), management often consider that their small finance teams and a history free of fraud is an indication that they are at low risk of being defrauded. Unfortunately, it can be precisely these elements that make entities particularly susceptible to fraud.
How Thomas Westcott can help
Here at Thomas Westcott, we offer a range of services that can assist businesses in both providing a review of the internal controls and systems in place, and giving advice based on the latest developments to help improve these.
Our Audit and Assurance Department provides a detailed and tailored approach to assessing and advising on internal controls based on management’s own assessment of risk. This can range from a one-off assurance engagement based on a single system, such as employee expense claims, to a full internal audit function capable of performing fully comprehensive recurring reviews on all systems and incorporating the latest technological developments.
Alan Sanders, Audit and Assurance Manager