Effective internal controls: A vital enabler for private companies

Photo from Canva

By Business World – Kristopher S. Catalan and Dwayne G. Ignacio

Change is inevitable, and we know this now more than ever. The technological disruptions that were hastened by the exigencies of the pandemic have now become widely accepted and mainstream, with such changes continuing to grow more rapidly each day.

The pace of change in organizations has also accelerated. As a response to risk events such as cybersecurity breaches and fraud, especially during the pandemic, organizations had to quickly reinforce controls to protect their assets and manage compliance, reputational and legal risks. Regulatory activities have increased over the last several years in response to these events, and recently, as a result of corporate failures from previous decades, have become a race to adopt a compliance-focused mindset.

With the pandemic slowing down, some companies are now re-aligning risk management with changes in business models and emerging risks in the face of disruption and technological advancements. This is challenging for private companies, especially for small- and medium-sized enterprises (SMEs), which are recovering lost growth and managing transitions to more resilient business and operating models while simultaneously meeting new demands from internal and external stakeholders.

Private companies have an opportunity to clarify or reinforce the roles and responsibilities within their internal control environment, stressing that management is responsible for internal controls. Enhancing internal controls by formalizing ad hoc practices, creating units or departments that will complement the monitoring functions of existing business units (such as the compliance department or risk management unit) or strengthening internal audit are some ways to respond to the emerging risks. Controls need to respond to the challenges of ever-changing business and regulatory landscapes. Private companies cannot just focus on growth today; they need to level up to ensure they protect their future.

Clear reporting lines and a strong governance structure play important roles in any organization’s internal control environment. A well-defined governance structure provides an end-to-end view of stakeholder involvement by clearly assigning process ownership and accountabilities, identifying the roles and those responsible for responding to risks, and ensuring that controls are working. It also describes how performance ratings of the control owners are linked to the effectiveness of the controls for which they are responsible.

Since maintaining a strong internal control environment normally involves people who work in various functions within the organization, the governance structure of a private company should be designed such that it enables effective coordination and communication across various business units. Having a well-defined governance structure in place also facilitates the timely reporting and analysis of any observations and findings on the effectiveness of controls. This in turn helps ensure that any weaknesses and deficiencies are identified, appropriate risk and impact assessments are performed, and remedial action is taken and implemented.

READ the full feature HERE.