Companies with ineffective internal controls face risks of embezzlement and self-dealing by employees, bribery, export control violations and other possible legal violations. The payment of foreign bribes often occurs in companies that have weak internal controls.
A company’s internal controls have to provide reasonable assurances regarding the reliability of the company’s financial reporting and its financial statements. The FCPA’s books and records requirement extends to an issuer’s subsidiaries and affiliates under its control, including foreign subsidiaries and joint venture partners.
The concept of “internal controls” is amorphous and refers to the company’s procedures and policies to ensure that transactions are carried out in compliance with management orders, transactions are accurately recorded, and access to assets is properly authorized. A company’s control environment encompasses the company’s ethical culture, risk assessments, and monitoring. A company’s anti-corruption compliance program is an important part of a company’s internal controls.
In order to meet these requirements, companies have to establish procedures for securing financial approvals, authorizations, and reconciliations. These usually consist of a set of global authorizations and standard financial policies.
There are four significant aspects to a company’s control environment:
Financial control systems: The most important aspect of a company’s internal controls is the use of a consistent ERP system. Companies run into major difficulties when they use different financial control systems, especially when they acquire companies and fail to integrate the new company into the company’s existing controls.
Financial authorizations define those positions in the company and the amount of authorized expenditures for that position. For example, a country manager may have the authority to spend a certain amount of money. Every company establishes a fixed amount for specific levels of officers, managers and employees.
Financial procedures are specific rules implemented by the company to ensure proper accounting and monitoring of financial expenditures. For global companies, these procedures are detailed and important to ensure proper monitoring of financial transactions.
Segregation of Duties: One of the most important principles for protecting the integrity of a company’s internal controls is segregation of duties. A conflict in segregation of duties increases a company’s risk for misuse of funds. Segregation of duties refers to the number of division of financial procedures into discrete parts and assigned to different individuals.
An example of segregation of duties is how fast food drive-thru lanes are organized. One person takes the order at one window takes the money; a second person hands the food to the customer at another window.
A company with segregation conflicts suffers increased risk for misuse of funds – which means that fraud, bribery, and other financial risks increase. The best protection against improper access to funds is to minimize segregation of duty conflicts.
A company that has a strong ethical culture, still needs to conduct risk assessments, adopt appropriate financial policies and procedures, and monitor and test its control system. These basic building blocks reinforce each other and are important components of an effective set of internal controls.