Question

Though companies might do their best to enact internal control procedures, it doesn't mean it will always work. Discuss 1-2 reasons why internal control might not work, despite best efforts. In addition, discuss how employers should enact procedures for internal control for the most risky activities.

Answer 1

Reasons why internal controls might not work despite best efforts are as follows:

1. Lack of judgement while taking decisions: Internal controls might fail due to the fact that individuals taking the decision might not be equiped adequately with the complete information required for the purpose of decision making or the individuals responsible for the decision making are not backed with the experience required for this purpose.
2. Attitude of the Management of the organization with respect to the internal controls: Many a times management themselves override the internal controls because they feel that these controls are inconvenient or inappropriate and therefore don’t apply to them.
3. Occurrence of unexpected events: The reason why internal controls don’t work is that the internal control systems are designed to tackle certain situations or a certain range of variables and when the actual events or situations happen beyond the expected range then the internal control systems may not be able to tackle them effectively.

Employers should enact the following procedures for internal control for risky projects:

1. Separation of duties: Employer organizations should work towards separation or segregation of duties and responsibilities so that no one person has complete responsibility for any activity or job and thereby reduces the probability of frauds happening. In case of organization which have risky activities , it becomes essential that no single employee has complete control over the risky activity and so the organization doesn’t suffer adversely. Even in case when organizations are small in size with lesser number of employees this can be implemented by making 2 or more employees share their responsibilities or in case of risky activities it should be reviewed by co-employees which serves the same purpose.
2. Standardization of documentation: This is a very effective procedure adopted by the employers so that there is consistency and standardization in the documentation formats so that it becomes easier to review the past records in the process of identifying the root cause of the discrepancies.
3. Approval of authority: Employers should have managers who are responsible for authorizing the specific transactions so that it puts in an additional layer of responsibility accounting in the organization so that it is clear that all important and risky activities have been analyzed and approved by the appropriate and responsible designated authorities.
4. Physical audits: Physical audits as a part of internal control systems in organizations handling risky activities is extremely important as it highlights and brings out the discrepancies that are hidden or any bypassing of the designated authorities that have happened, In case of risky activities these physical audits should be frequently carried out.