See if your information has been exposed in a data breach with our latest free tool Check Now
Processes

5 Reasons Why Internal Controls Fail

Niek Dekker
3 Min

Internal controls are absolutely critical for all Accounts Payable (AP) departments. Without them, AP departments face a much greater risk of financial losses, whether due to fraud or error. However, the fact is that no set of controls is foolproof.

In this blog we explore 5 reasons why internal controls fail, and why you need another layer of security to ensure you are not exposed when that occurs.

1.      Incorrect Assessment of Risk

Whenever an organisation begins the process of developing its internal controls, it must begin with an assessment of the risks it is seeking to mitigate through their controls. However, many organisations fail to take into consideration the fact that risk is dynamic. Risk levels are constantly evolving due to changes taking place both within the organisation, as well as outside it. As risk levels evolve, so too must the controls you have in place that are designed to mitigate those risks.

Organisations should develop a process whereby risk levels are assessed on a regular basis in order to determine whether the internal controls need calibration.

2.      Inadequate Policies

Not every conceivable scenario will be covered by internal controls. Situations will arise that require judgement calls to be made. It is therefore necessary to ensure that you have a principles based approach to internal controls, rather than an overly prescriptive approach.

AP management and staff should have a strong understanding of the principles that underpin the internal controls you have in place. This will help ensure they have the ability to know how to respond to novel situations that may not be explicitly covered by your policy manuals.

3.      Collusion

This is among the hardest internal risks to detect and stop. AP officers may collude with suppliers to inflate invoices, or submit false invoices. It is essential that you have a range of internal controls to mitigate the risk of collusion, including regular audits, segregation of duties (ensuring multiple people need to approve outgoing payments), and rotation of duties (rotating staff between different functions) wherever possible.

4.      Prioritising Means Over Ends

When it comes to internal controls, remember that the policies you have in place are a means to serve an end goal – which is protection of your organisation from losses due to fraud or error. If the means are not achieving the desired end, then the means must change. Sticking rigidly to internal controls and policies that are not fit-for-purpose is pointless. Make sure a system is in place that allows internal controls to be adjusted if required.

5.      Efficiency vs Controls

Internal controls can be an impediment to efficiency. They can result in additional layers of red tape that slow down staff and make delivering business outcomes more cumbersome. It is critical that you have the balance right between internal controls and efficiency. AP staff should not take it upon themselves to override internal controls simply because they are inconvenient or annoying. If, for whatever reason, it is widely believed that internal control settings are too strict, have a system in place where management can make adjustments to the controls so that they don’t impose too much of a burden on staff and don’t impact efficiency too significantly.

How can Eftsure help?

Getting your internal controls right is a major challenge. If they are too rigid, they can undermine your team’s efficiency and productivity. If they are too weak, they can expose you to losses through fraud or error.

It is also true that no system of internal controls is foolproof. A determined adversary, whether external or internal, will always find a way to circumvent them.

That’s why you need a multi-layered approach to protecting your organisation. A technical security layer that ensures only authorised transfers are sent to authorised beneficiaries is essential.

Eftsure sits on top of your accounting processes and verifies outgoing payments in real-time, ensuring only approved funds are being sent to the intended recipient. When internal controls fail, Eftsure is in place to ensure you don’t suffer major financial losses.

Speak with Eftsure today for a full demonstration of how we can protect your organisation.

Procure-to-Pay Checklist
Preventing losses due to fraud and error requires securing your entire Procure-to-Pay process.

Download our free guide to ensure you're following best AP practices.

Related articles

Processes

Pros and cons of faster payments

Faster payments are part of our every day – but cybercriminals are exploiting the system. Discover how you can reduce the risks in your business.

Read more

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.