January 12, 2020 par Sylvain Félix

An internal control system?

The internal control system (ICS) designates all of the control measures contributing to the monitoring of the main business processes. The primary purpose of the ICS is to provide reasonable assurance regarding the achievement of the business objectives. Among other things, it meets the following objectives:

  • Optimizing the processes and activities of a service in order to provide efficient work at a minimum cost, while minimizing errors and irregularities, whether voluntary or not;
  • ensure the reliability of financial and management information;
  • comply with applicable laws and regulations.

An ICS includes various elements such as the control environment, risk assessment and control activities. When setting up an ICS, it is a matter of harmoniously combining the various regulatory (instructions and directives), organizational (organization charts and processes) and technical (IT and communication) measures. Internal control is not an end in itself. He is there to support the conduct of a service and to ensure correct, law-abiding, economical and efficient activity. The question of how these benefits relate to the cost of the measures should not be overlooked.

Since resources are always limited, departments should compare the relative costs and benefits of controls before implementing them. When trying to assess the advisability of a new control, it is necessary to study not only the risk of a failure and the possible impact on the service, but also the costs that would entail the implementation of this control. A decision on the implementation of a control will always remain partially based on subjective criteria. The whole difficulty of analyzing the cost / benefit ratio consists in defining the tolerable residual risk. Some controls are necessary and essential, but excessive controls go against the intended purpose and can become very costly. In general, it is recommended to give priority to controls that cover the most significant risks

Internal control is not just a collection of manuals, procedures and documents. It is provided by people at all levels of the hierarchy, namely the management, executives and staff of a service. It is the individuals who set the goals, put the controls in place and keep it going. Internal control procedures are particularly effective when they are integrated into the infrastructure and are part of the service culture. They must be integrated and not added.

Indeed, the culture of a service is a very important element of the control environment, since it determines the level of staff awareness of the need for controls. It forms the basis of all the other elements of internal control, by imposing discipline and organization.

Many changes in the environment can make certain aspects of IBS unsuitable. This is why an internal control system must be alive and evolving

Limitations of the internal control system

It should always be borne in mind that any ICS, however well designed and applied, can provide at most only reasonable assurance to management as to the achievement of objectives. Indeed, since it is essentially based on the human factor, ICS can be affected by

  • a design problem;
  • an error in judgment or interpretation, such as when the employees interpret the instructions incorrectly;
  • dysfunctions, such as collusion, the use of forgeries or “overstepped” or bypassed controls;

It is also necessary to take into account the loss of effectiveness of controls over time when employees give in to routine.

In conclusion

The internal control system is therefore not a project with a start and an end, but a living system. And the whole challenge lies in maintaining the quality and added value of the system over the long term.

An ICS, even set up with the greatest possible care, will quickly become ineffective if it remains immobile and static while the environment is constantly in motion

This is why we offer a dedicated cockpit which allows

  • define your objectives and assess the risks of not achieving them
  • establish a good management of information and communication,
  • integrate the control actions intended to minimize these risks into the processes.
  • create a healthy, living and scalable control environment

To find out more, do not hesitate to contact us.