lnternal Control:Control Framework Within An Organisation

One of the key requisites to successfully manage the risks associated with running a business is to have a sound and effective control framework. The existence of such a framework in an organisation encourages a sound control environment in which the business operates. With the increasing levels of corporate governance, the CFO and the CEO are being held accountable for the effectiveness and efficiency of their control environment.

In my forthcoming articles, I shall be suggesting some minimum controls that have to be in place to ensure that key strategic, operational and financial risks of the company are managed.
The areas for discussion are:
Control Environment
General Accounting
Revenue Cycle
Expenditure Cycle
Bank and Cash
Fixed Assets Management
Inventory, Logistic and Distribution
This article, today discuss on the minimum controls suggested to be in Control Environment of a company and is segregated into the following categories:

  • General,
  • Delegation of Duties,
  • Risk Management,
  • Management Information Systems.

Control Environment

(a) General

In the Control Environment, generally, certain minimum key salient features should at least be there:
there should be a champion at the director level within the organisation who strongly and clearly supports a strong control culture and environment,

  • a clear policy statement on controls should be issued to all staff,
  • there should be a company-wide framework of policies and procedures documented in a comprehensive manual,
  • there should be clear policies and procedures in place to ensure that staffs fully declare all related party transactions and potential conflict of interest situations on a periodic basis.


(b) Delegation of Authority (DOA)

  • an overall delegation of authority guideline should be documented for all functions and operations,
  • in particular, delegation of authority guidelines must be documented for the following:

Appointment and dismissal of members of top management team
– Awarding of salary, bonuses, benefits for all staff
– Setting terms and conditions for all staff
– Debt and Capital restructuring
– Investment functions
– Treasury functions
– Issuing of guarantees
– Issuing of charges on assets
– Acquisition or disposal of investments, businesses and commercial rights
– Establishment of exclusive and/or special types of arrangements

©  Risk Management

  • There should be a mechanism in place to ensure that all significant operational risks are identified and recorded on an ongoing basis.
  • Procedures should be established to ensure that suitable action plans are implemented to address all the risks that have been identified.
  • The action plans should be measurable to assess whether the identified risks have been successfully managed.
  • There should be an effective system or process (e.g. Internal Audit checks) to ensure that adequate controls are in place to address identified Operational and Financial risks.
  • Adequate insurance coverage should be undertaken for both the company’s assets.

(d) Management Information

The Management Information System (MIS) should be able to generate explanatory management reports, incorporating the usage of comprehensive graphs and schedules, on a timely basis.

In particular, the management reports should include the following:

– Profit and loss account
– Balance sheet
– Cash-flow statement
– Aged debtor listings
– Creditor listings
– Inter-company balance/transaction report
– Foreign exchange exposure report
– Contingent liabilities and other commitments report
– Action plan report
– Operational risk report
– Division sales report
– Division inventory report
– Stock category month stock trend with comparison between stock holding vs prior month
– Commentaries on the followings:

(a) Sales/GP – on a current month versus budget, current month versus prior month and actual YTD versus budget YTD basis

(b) Expenses – in terms of Staffing, Selling and General Expenses on a current month versus budget, current month versus prior month and actual YTD versus budget YTD basis

(c) Other Income – explain and indicate the nature and comparison of current month versus budget and prior month , and current YTD versus budget YTD

(d) Profit before Tax – comments in summary what caused the change in PBT

(e) Cash Flow, Capital Expenditure and other significant items

(f) Assets Management – in terms of AR and Stock turnover, ageing etc
– Month end borrowing position (amount utilised versus facilities provided, interest rate)
Comprehensive documented period end procedures should be in place to facilitate timely preparation of the management reports.

Management reports should be reconciled to underlying accounting records and all reconciling items should be addressed promptly.

Major variances against budget should be analysed monthly as part of management reporting.

Provisions for taxation, both current and deferred, should be checked quarterly to ensure accuracy and compliance with local regulations.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.