Internal controls are absolutely critical for all Accounts Payable (AP) departments. Without them, AP departments face a much greater risk of financial losses, whether due to fraud or error. However, the fact is that no set of controls is foolproof.
In this blog we explore 5 reasons why internal controls fail, and why you need another layer of security to ensure you are not exposed when that occurs.
Whenever an organisation begins the process of developing its internal controls, it must begin with an assessment of the risks it is seeking to mitigate through their controls. However, many organisations fail to take into consideration the fact that risk is dynamic. Risk levels are constantly evolving due to changes taking place both within the organisation, as well as outside it. As risk levels evolve, so too must the controls you have in place that are designed to mitigate those risks.
Organisations should develop a process whereby risk levels are assessed on a regular basis in order to determine whether the internal controls need calibration.
Not every conceivable scenario will be covered by internal controls. Situations will arise that require judgement calls to be made. It is therefore necessary to ensure that you have a principles based approach to internal controls, rather than an overly prescriptive approach.
AP management and staff should have a strong understanding of the principles that underpin the internal controls you have in place. This will help ensure they have the ability to know how to respond to novel situations that may not be explicitly covered by your policy manuals.
This is among the hardest internal risks to detect and stop. AP officers may collude with suppliers to inflate invoices, or submit false invoices. It is essential that you have a range of internal controls to mitigate the risk of collusion, including regular audits, segregation of duties (ensuring multiple people need to approve outgoing payments), and rotation of duties (rotating staff between different functions) wherever possible.
When it comes to internal controls, remember that the policies you have in place are a means to serve an end goal – which is protection of your organisation from losses due to fraud or error. If the means are not achieving the desired end, then the means must change. Sticking rigidly to internal controls and policies that are not fit-for-purpose is pointless. Make sure a system is in place that allows internal controls to be adjusted if required.
Internal controls can be an impediment to efficiency. They can result in additional layers of red tape that slow down staff and make delivering business outcomes more cumbersome. It is critical that you have the balance right between internal controls and efficiency. AP staff should not take it upon themselves to override internal controls simply because they are inconvenient or annoying. If, for whatever reason, it is widely believed that internal control settings are too strict, have a system in place where management can make adjustments to the controls so that they don’t impose too much of a burden on staff and don’t impact efficiency too significantly.
Getting your internal controls right is a major challenge. If they are too rigid, they can undermine your team’s efficiency and productivity. If they are too weak, they can expose you to losses through fraud or error.
It is also true that no system of internal controls is foolproof. A determined adversary, whether external or internal, will always find a way to circumvent them.
That’s why you need a multi-layered approach to protecting your organisation. A technical security layer that ensures only authorised transfers are sent to authorised beneficiaries is essential.
Eftsure sits on top of your accounting processes and verifies outgoing payments in real-time, ensuring only approved funds are being sent to the intended recipient. When internal controls fail, Eftsure is in place to ensure you don’t suffer major financial losses.
Speak with Eftsure today for a full demonstration of how we can protect your organisation.
Faster payments are part of our every day – but cybercriminals are exploiting the system. Discover how you can reduce the risks in your business.
Tired of yet another unwanted message in your inbox? Here’s how to reduce spam emails and text messages.
Find out what biometric verification is and why it’s important – especially in a new AI-powered era.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
