This post involves internal controls. Every business needs a system of controls that minimize the risk of financial loss from theft or carelessness. In addition, internal controls help prevent mistakes that result in inaccurate information. The CFO is instrumental in ensuring that the firm has a sufficient control system to avoid these pitfalls.

A good control system is based on several factors. First, monetary risk is addressed and controls are implemented where the risk of loss is material. The control system must also address financial statement risk. This entails a comprehensive, but not oppressive, system of controls over record keeping activities. This ensures reliable information is available for management and capital providers. Elaborate control systems should only be installed for recurring transactions. Otherwise, it is likely that the cost will outweigh the benefits of having an elaborate control system. In addition, it is acceptable to have weak controls in one part of the business if there are offsetting controls elsewhere in the business. Finally, the cost of controls must be balanced against the expected reduction in risk.

Examples of operating risks that can be reduced by controls includes: product failure leading to a product recall; a customer entering bankruptcy; or a key raw material price that rises rapidly. Fraud is likely to occur with: items that have high value relative to their size; items that are easily resold; and cash. Factors that can tempt one to commit fraud are workforce dissatisfaction; high expectations from third parties regarding profits or internal personnel regarding margins and thus bonuses; and guarantees provided by management. In the last case, a good example is where managers have guaranteed the firm’s debt and take actions to avoid triggering the guarantees. Accordingly, controls to minimize all of the foregoing risks must be developed.

When constructing a system of controls there are several principles to keep in mind:
• Management support for the control system
• Segregation of Duties: Different parts of a process are assigned
to different employees.
• Process Integration: Controls are thoroughly intertwined with
business transactions so that employees must perform the control
function as part of their job.
• Assign Responsibility: The relevant employee is held responsible
for ensuring that the control is properly exercised.
• Culture: The culture at the company should ensure that there is a
close examination of breaches in controls.
• Training: There should be continuous of employees regarding the
systems in which they are involved.
• Reporting: A system for reporting breaches of controls must be
installed and reporting breaches must be rapid.
• Staffing: There should be sufficient personnel in a process so
that employees do not feel pressured to avoid control procedures
that guard against a financial loss or incorrect information.
• Infrequent Issues: These rare occurrences must be examined to
determine if the risks merit additional controls.

Potential failures in a control system include conspiracy among multiple employees; the almost unavoidable reliance on the subjective judgement of people (i.e. a poor credit granting decision); and persistent overrides of controls by management.

Every business needs a system of controls that minimize the risk of financial loss from theft or carelessness. In addition, internal controls help prevent mistakes that result in inaccurate information. The CFO is instrumental in ensuring that the firm has a sufficient control system to avoid these pitfalls.

Capitol CFO Solutions serves clients in Washington, D.C., Maryland, and Virginia. Please contact us for a free consultation.