16 January, 2019 / IN Audit & assurance / by Paul Quealey
Understanding the importance of control frameworks is key to protecting your business. What are they & how can you implement one that protects your money?
“I never thought it would happen to me!” “They were the nicest person!”
During my 16-year career as an auditor, it’s frightening the number of times that these are the first words out of a client’s mouth after fraud is detected.
Invariably, a little digging into the control frameworks in place in the business highlights a few reasons why the fraud occurred.
But what are control frameworks, why are they so important and, if you have a framework in place in your business, is it sufficient to protect you down the line?
What are control frameworks?
Does fraud occur because too much trust is placed in one person or because of a lack of understanding from the business owner?
The simple answer is that it is both. It all comes down to individuals and the opportunities that present themselves.
For too long, the concept of control frameworks was something that only the big end of town should worry about.
However, every business owner who relies upon another person to manage their finances must ensure their control framework is working appropriately and protecting them.
A control framework is essentially a set of tasks, procedures or check points (whichever one you relate to best) to make sure that right amount of money is going to where it should at the right times and in the most efficient manner.
Why are control frameworks important?
Control frameworks are important for all small and medium business owners because they:
- Reduce the risk of loss through theft;
- Promote efficiency and remove duplications;
- Increase the accuracy in reporting for key decision making; and
- Ensure a business is leveraging all the technology available to it.
The effectiveness of a control environment shouldn’t be considered based upon your current finance staff. While you have full trust in your current staff, what happens if they should leave your business? Would you have the same level of trust in someone unknown? The likely answer is no. As such, an effective control environment ensures that you can have the same level of trust in anyone completing your key finance tasks, as the framework ensures the right checks and balances are being done no matter who is completing them.
A cautionary tale about control frameworks
Controls must be focused on all key risk areas.
A recent control review I completed for a client identified a strong focus on sales and the tightening of controls at the front line. However, there was little attention paid to the amount of credit notes, stock write-offs and returns being processed below the line.
They couldn’t understand why their business continued to struggle with such tight sales controls.
A review of the controls framework identified where controls could be tightened. This resulted in an immediate improvement in financial results for the business.
Looking beyond fraud to recommend business improvements
As an auditor, I unfortunately need to think like someone who wants to defraud my clients. It is the only pragmatic way of identifying the true risks and opportunities for fraud.
Fortunately, or maybe unfortunately, the amount of fraud and control weaknesses I have seen in my career helps me identify where fraud could occur in a control environment and, more importantly, recommend ways to reduce the risk and improve controls.
Of course, auditors don’t just look for fraud. It’s just as important to ensure that employees are not completing redundant tasks or being inefficient, and are utilising the full potential of their technology or software.
Too often, when I complete control framework reviews, asking questions of an internal accountant or accounts assistant as to why something is being done, I get the response: “I don’t know why, we have just always done it that way”.
Given that some businesses have been operating for 10 or even 20 years, technology has come so far that surely the way things were done 10 or 20 years ago would be considered inefficient with today’s technology?
The failure to embrace technology or the existence of double handling or completing redundant tasks may also assist in identifying why a business needs so many finance staff.
Such a review isn’t about making employees redundant. However, could resources be better utilised somewhere else in your business to add more value to front line staff or decision making?
My role as an auditor is never a witch hunt or a blame game. I see it as a way to ensure that even though business owners are focused on the day-to-day operations and have limited understanding of the finances, they can sleep well at night knowing that the controls, checks and balances are in place and no-one is taking more than they should.