- Corporate Security Teams
- Risk & Compliance Teams
- Information Security Teams
Governance, Risk and Compliance
By Resolver Modified March 9, 2021
Enacting new policies and procedures can help companies remain profitable or avoid certain risks that threaten their stability. That said, these precautions will only function correctly if they are adhered to. Internal controls exist to ensure companies are following the processes and procedures they put into place. But how does a company determine whether an internal control is accurately evaluating policies and safeguards? Regular review is often seen as the best way to ensure internal controls remain relevant, even as companies change and grow. A single annual assessment in isolation is not always the best way to go.
As boards review the internal controls that have been put in place, there are several factors they should keep in mind. First, consider the significant risks and assess how they were originally identified, evaluated and managed. It’s important to note whether companies still face these risks or if they have changed, as this could affect both the policies enacted in response and the internal controls that monitor these processes. Then, the effectiveness of the related systems of internal control should be evaluated, paying special attention to any significant failings or weaknesses that have been spotted since they were put into place. Consider whether the appropriate responses are being taken to remedy any of these shortcomings or weaknesses. Finally, take a look at all the findings as a whole. Do they warrant a more extensive evaluation? After an assessment, boards should consider whether they have to pay more attention to specific controls – some measures may need to be reviewed more frequently than others.
Creating a successful system of internal controls in a timely fashion is important, but measures and safeguards should not be implemented just because an issue needs to be addressed. Internal controls should be established with the goal of meaningful use, keeping in mind that effective measures may take time to create. Developing error-proof internal controls should take priority over whipping up a make-do solution. This is part of the responsibility of directors and management – they need to enact useful internal controls, but should not be nearsighted as they look to implement these measures.