“One-size-fits-all” really only works…when it “fits”. Tailoring is required when buying a suit or developing your business controls. Right-sizing your controls will protect your organization.
Developing control activities for your business is no different. If they aren’t right-sized, you will be too vulnerable or too restricted to successfully grow your business.
Through policies, processes and procedures, control activities are the actions taken to help mitigate risk within your company. They can be designed for prevention or detection and may incorporate a range of both manual and automated applications.
Consider this example of inventory disappearing at a client: The business discovered some of its small, but fairly expensive, products were vanishing. There were no clear leads to determine what was happening. The company implemented some simple controls, including installing a key system and surveillance camera. Since implementing these control activities, losses have been reduced significantly. Discovering your most vulnerable areas and adding effective control activities around them can result in large returns.
Appropriate (right-sized) controls will vary depending on the nature of your work, the work environment and your specific needs. The following are some of the more commonly used control activities.
- Education, Training and Coaching – Ensuring employees have proper qualifications and training to perform their duties effectively promotes efficiency and reduces errors.
- Authorization – Providing reasonable assurance that business transactions are falling within set policies and that appropriate personnel approve any exceptions.
- Performance Planning and Evaluation – Unusual trends or unexpected results that may require further investigation or corrective measures can be identified using key performance indicators.
- Physical Security Over Assets – Protecting and safeguarding assets from damage or loss due to natural disasters, accidents, negligence, theft or fraud.
- Reconciliation – Verifying the accuracy of financial documents by regularly collating automated and source records.
- Segregation of Duties – Minimizing occurrences of error and fraud by having more than one individual involved in completing fiscal activities.
Security in the area of information technology is a growing concern at many companies. Cyber-attacks, IP protection, data integrity and electronic payment systems, among other growing technology risks, make IT a target for improving control activities.
Incorporating Control Activities
Control activities are used throughout all areas and levels of a corporation. In the process of design and implementation, your goal should be to obtain maximum benefit at minimum expense. Here are some points you should consider:
- Control activities should not cost more than the potential damage from undesirable events.
- Control activities should be considered while company systems and processes are being developed. This will prevent expensive retrofitting after the systems and processes are implemented.
- Resources for control activities need to be balanced with the likelihood and ramifications of risk.
- Some risks may require more than one control activity.
Taking the time to determine what suits your company best will be worth the cost of alterations. With the right types and balance of control activities in place, you will maximize operations, efficiency and productivity, saving time and money in the process. Your business will be dressed for success.