Have you organized your internal controls effectively?
Internal control (ie internal control) is a process aimed at obtaining reasonable assurance about achieving the company’s objectives. The compliance operation supports internal control.
The management formulates business activities aimed at effectively achieving the business objectives. The business activities are organized by the management with business processes that include control measures. The company management supports the business processes with IT systems and employees direct the processes. The internal control focuses on (the chance of) possible disruptions to the processes.
There are many reasons for disruptions. We name a few:
- The legislator sets requirements for the organization of business activities. Partners may also make such demands and ultimately we may view company policy as a management requirement;
- The integral and cohesive organization of business activities using business processes requires expertise. On the one hand, we want to record the company and personal data only once and on the other hand, we want to support employees, customers and suppliers as much as possible;
- With the help of technological developments, professionals organize internal control more effectively with the help of business processes, which include control measures;
- The desired knowledge level of employees changes with every change in the organization of business activities. Employees with the right knowledge are a precondition for managing effective business processes; and
- Measuring, estimating, interpreting, assessing and reporting the effectiveness of the business processes and control measures “by default” must move along with all the above changes.
Organizing the compliance operation, which includes the organization of internal control, requires a strategic and operational approach. From a strategic perspective, the position builds a knowledge base on organizing effective business activities. From an operational perspective, the position works with management and employees to effectively drive business processes – with resources.
How can we help you?
Do you have questions about organising, implementing or expanding your compliance operations? Our service owner, Caroline Willemse AA RE RFG or her colleagues, would be happy to discuss your specific case.
The management periodically formulates a – preferably integral – internal control or compliance approach. Based on the overview and insight into the organization of the business activities, the management emphasizes internal control. Based on the integral internal control approach, management implements the decentralized internal control approach.
A large part of the internal control activities takes place in the IT systems that support the business processes. When selecting or building these systems, explicit attention is paid to organizing compliance and continuous monitoring. The internal control approach focuses in particular on determining the effectiveness of the compliance measures, interpreting the findings and assessing business risks, and, if desired, taking appropriate measures.
If adequate control measures are not taken in the systems or compliance is not supported by automated means, this can lead to inconvenient business risks.
Emphasis in the internal control plan can be focused on business units, type of business activities and areas of focus. An area of focus can be the protection of trade secrets or the protection of personal data.
We list a few special compliance approaches:
- For MYOBI’s business activities, we take care of compliance with the TTP policy, in particular the TTP code of conduct GDPR; and
- As part of the contract life cycle of the smart contracting application, we have developed the compliance approach for contract management.
Depending on the nature and scope of the business activities and the desired level of control, we draw up a suitable compliance model, an action plan for implementation and a business case in close collaboration with employees involved in the compliance operation.
Parallel to the development or expansion of the compliance operation, we formulate the internal control plan in collaboration with management.
Our role is merely moderating. The aim is to draw and receive attention for the need to perform compliance activities, to structure, transfer knowledge and to initiate the compliance operation.
The implementation strategy depends on the size and complexity of the business, the willingness of department management to participate in a compliance operation and the focus areas of compliance.
Relevant legislation is often an argument for organizing a compliance operation. Gradually, management discovers that compliance generates valuable information for better and more effective organization of business activities. Compliance work exposes business risks and gives leadership and management the ability to steer.
To successfully set up a compliance operation, it is necessary that the leadership, management and employees see the added value and believe in the function. The basis for this is a level of knowledge that must be carefully built up. Only then will there be confidence that compliance is necessary for achieving company and departmental goals and is appropriate for personal considerations.
An integrated compliance approach can consist of many areas of attention. When building the business compliance function, it is wise to take into account different areas of attention. During the implementation, it may be wise to approach the implementation per focus area.
‘Cost of control’
Regardless of the size of the company, management wants insight into the costs and benefits of internal control. Anglophone countries speak succinctly about ‘Cost of control’.
Companies with a modest size can have enough of compliance with the help of an Accountability Seal on the MYOBI Trust Network. For companies of any size, a compliance operation can be attractive. The costs of compliance activities may be a reason to start an investigation.
The cost level of compliance can also be the reason to conduct an investigation into the effectiveness of a compliance operation.
It is wise to approach the annual internal control activities at company and department level on a project basis, to record the hours and costs and to include the time and costs spent in the reporting. There is often a correlation between the effective organization of