Internal Control
Essay by 24 • April 26, 2011 • 1,408 Words (6 Pages) • 1,769 Views
"No matter how sophisticated a system of internal control is, its success ultimately requires that you place your trust in certain key personnel"
Introduction
Within any organisation a high level of trust has traditionally been placed in management and key personnel. This has led to some quite public failures in corporate governance and internal controls - Enron, WorldCom, HIH insurance etc... A lack of effective personnel controls can lead to a multitude of organisation problems such as fraud, theft, excessive costs and poor management decisions. The solution therefore is not to trust the key personnel but instead to trust the controls. This in turn means that organisations need to develop more sophisticated more 'water-tight' control policies and plans. Truly effective internal controls establish a framework whereby only honest, trustworthy, competent, qualified employees are hired and business objectives are continuously met or surpassed. Sophisticated controls have the ability to eliminate the need to place high levels of trust in key personnel but it can never be a case of develop the control and trust it implicitly with no evaluation or adjustment. These new controls plans need more than just development, they need to be treated as living objects continually reviewed, monitored, assessed and redeveloped in order to move with both society and technology creating a business environment where the trust is on the controls, not the people.
1.0 Personnel Controls
In reducing or eliminating the need to heavily trust key personnel and instead trust the internal controls, the particular control that needs to be addressed is personnel control, more commonly referred to as 'Human Resource Management'. It is this control in itself which needs to be the most sophisticated of all particularly within the accounting or information systems environment. Why in particular in these environments? Mainly because of the level of access associated with these roles, many accounting staff have access to highly confidential information and AIS, IS & IT staff usually have high levels of access into the computer systems themselves, meaning a multitude of problems could happen if the right staff aren't in place i.e. data deletion, information transmitted to wrong people, incorrect or misleading journals posted, the list could be virtually endless. Personnel controls address not only the recruitment of the 'right' employees but also the retention, development and termination of employees.
1.1 Recruitment
Recruitment controls are vital in ensuring an organisation is employing, honest, trustworthy and competent people into the roles in which they will provide the most value to the organisation. This goes further than ensuring credit, criminal, reference and qualification checks are performed on potential candidates but also key duties and requirements of the role must be specified. This ensures that the candidate is suited to the role they are given.
1.2 Development
An organisation should always encourage employees to further develop those qualities and skills which made them suitable employees in the first place. Training schedules should also be provided to ensure any deficiencies in an employee's skills are identified and corrected. Development is always a significant expense for an organisation but continual development provides many benefits to an organisation, especially in AIS, IS & IT where the developments and new technologies rapidly improve and change.
1.3 Retention
Retaining quality employees is always a challenge for any organisation, large or small. Often a large expense to an organisation is the development and training of employees therefore to ensure an organisation receives a benefit from their investment they need to have effective retention plans. Organisations need to ensure that their employees are enjoying their role a lack of job satisfaction has often been cited as a reason an employee has committed fraud. An organisation therefore needs to build into its personnel plans a review stage, where all roles are reviewed and to check that skills and responsibilities required still reflect the person within the role. Varied roles often provide good challenges for employees as well as offering an effective control for organisations. Programmes like job rotations and forced vacations if run effectively benefit both employee and employer. It is also important that employees have access to management opportunities. A major reason given for an employee to leave an organisation is if they feel they have nowhere else to go within the organisation other than sideways.
1.4 Termination
Termination practises can potentially leave an organisation highly unguarded. As mentioned earlier accounting, IS, AIS & IT roles all usually have significant levels of access to information and security rights. Disgruntled employees therefore if given opportunity can potentially cause significant levels of damage if some key guidelines aren't developed. Organisations should ensure that clearance passes, and access to systems are taken from the employee upon termination and where appropriate escorted from the premises. It is common practise for an organisation to require employees to sign, confidentiality agreements or declarations of secrecy to ensure that any information obtained while employed by the organisation cannot be used or disseminated by the employee even after the employment engagement has concluded.
...
...