Posts

5 Key Internal Control Principles Manufacturing Companies Must Consider!

If large manufacturing companies want to stay competitive in today’s business environment they need to continually work on improving production efficiencies, product quality and cost reduction.

Apart from the competitive business environment, large companies need to comply with a load of rules and regulations.  The Department of Labor (DOL) administers and enforces more than 180 federal laws.  These include the Fair Labor Standards Act (FLSA), Occupational Safety and Health (OSH) Act, Federal Mine Safety and Health Act of 1977e Occupational Safety and Health Act and many more.

In addition, publicly listed companies have to comply with the Sarbanes-Oxley Act.   The intent was to drive improvements in companies’ internal controls.  To comply with the Sarbanes-Oxley Act many firms adopted a recognized control framework.

The most common control framework that companies chose is known as the COSO framework.  The COSO framework was issued in 1992 by the committee of sponsoring organizations of the Treadway Commission (COSO).  Their Internal Control – Integrated Framework was referred to as “COSO”, but on May 2013 COSO issued an updated Internal Control – Integrated Framework (the 2013 Framework) to incorporate the changes and technology advances that have taken place and effected the business world.

The 2013 Framework provides more guidance to large companies to effectively put in place a robust system of internal controls.  It adds 17 principles that are necessary for effective internal controls, but also introduces 81 focus points that are typically important to establish an effective system of internal controls for large companies.

Large manufacturing companies now have the opportunity to implement some of these “best practice” principles and focus points at the operations level to improve on their efficiencies and effectiveness of internal controls.

The following 2013 COSO principles and focus points are more relevant to large manufacturing companies:

1.    The organization selects and develops general control activities over technology to support the achievement of objectives. (COSO Principle 11)

With today’s advances in technology, management needs to consider which technology solutions fit their business models best.  It is important to understand the risks associated with the different technology solutions available. Assessing and documenting controls over technology would greatly assist manufacturing companies to make the best decisions regarding technology.

2.    The organization identifies and assesses changes that could significantly impact the system of internal control.  (COSO Principle 9)

Manufacturing companies are faced with more changes today than in the past that could affect the system of internal control.  These can be grouped into three categories:

  • Changes in the external environment, such as availability of raw materials, new laws and regulations.
  • Changes in the business model, such as better technology solutions and higher quality standards.
  • Changes in leadership.

Understanding, documenting and communicating these changes to management will assist the organization to better manage these changes and control the desired outcomes.

3.    The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. (COSO Principle 6)

For manufacturing companies to achieve their manufacturing goals, sufficient clarity and understanding of the risks associated with these is essential.  Once the risks are properly identified and ranked, management can implement actions to mitigate these risks.

Specific focus areas such as tolerance of risk and the required level of precision in performance measurements could greatly improve the effectiveness of risk mitigating actions.

4.    The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. (COSO Principle 13)

Control systems need to provide accurate, relevant and timely information to enable management to have a more pro-active than a re-active approach towards internal changes in the business.

5.    The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. (COSO Principle 16)

As manufacturing processes and systems evolve and change over time, so should the internal controls and monitoring systems to stay current and relevant.   Regular evaluations and updating of internal controls are essential to ensure that internal controls are present and functioning.

Focusing on these key areas will enable large manufacturing companies to use their resources more effectively and help them to better define their operational goals and objectives to ultimately become more competitive and successful!

At LBA Haynes Strand we have a group of qualified and experienced professionals with internal controls and manufacturing experience to assist your manufacturing company to implement an effective and efficient internal controls framework. Click the button below for your no-cost consultation today!

10 Common Internal Control Deficiencies Found in Small Businesses

The following 10 common internal control deficiencies found in small businesses can cause the loss or damage of assets, loss of resources, and a decline in revenue. These deficiencies can easily be rectified by slightly changing or modifying existing processes or introducing basic internal controls:

1. Inadequate documentation / records
Documentation provides evidence of the underlying transactions. It is the input to establishing proper financial records. Financial documents should be pre-numbered to ensure all transactions are recorded and accounted for. This will help to prevent recording of the same transaction twice, as there should not be any duplicate numbers in your system. With proper numbering of documentation, tracing documents that relate to follow up queries/claims and questions from customers or owners of prior transactions will be easy.Proper documentation would most probably provide satisfactory answers to most, if not all, financial transaction related questions. Furthermore, adequate documentation will ease the process of compiling financial records and completing tax returns.

2. Key business cycles not properly defined 
Managers and owners don’t see the need to create written policies and procedures or just even basic flowcharts defining the key business processes, as some small business processes appear to be uncomplicated. However, this is probably one of the most unused control tools where the most value can be added with little effort. An effective procedure can align business objectives and help establish best practice operating procedures. As businesses have different focus areas, different cycles will be important to your business but for most businesses the following processes will be critical. Sales and Accounts Receivable, Cash Management, Banking Procedures, Purchases, and Accounts Payable. For a business selling goods, inventory controls will be an important cycle. Documenting key controls in each of these cycles will provide transparency and consistency. Specific roles and responsibilities in each of these cycles can easily be assigned to specific individuals. When improvements and changes are made to your processes, employees can quickly be informed, trained, and brought up to speed.

3. Lack of control with authorization of transactions 
Authorization of purchases should occur before the commitment of resources. Depending on the size of the business, levels of authority can be introduced to better eliminate the risk of inappropriate spending. For example, with orders above a certain dollar value, say $1,000, more than one quotation should be obtained which could ultimately reduce your overall expenditure. Authorizing of transactions before placing orders provides the owners/managers the opportunity to evaluate different purchasing options, and make sure items or services obtained will support the business objectives.

4. No oversight and review  
Small business owners many times get so involved in the day to day operations of the business that they tend to neglect performing basic review procedures. Business owners should take some time and interest in the financial records. This is an important aspect of fraud prevention. Not a lot of time is required to review monthly revenues, expenditure reports, inventory reports, budget vs. actual amounts, and variance reports. Having a more hands on approach will give the owner invaluable feedback on how the business is performing and where any potential problem areas or poor performance areas may exist. Review of the financial records is a critical component and input for better decision making. The frequency of the review of financial data depends on the volume of transactions and type of business, however, the review of financial data should generally be conducted on a monthly basis.  

5. Dated or ineffective information systems  
Small businesses run on lean resources and very little time is often spent evaluating information systems. Investing time in this area could add a lot of efficiencies in the long run.  List the systems in your business and the key performance measures you need from each. Working systematically though these will help you stay competitive and efficient. Many user-friendly software systems are out there which could shorten processing and operating cycles – and are not that expensive to operate. 

6. Lack of physical & logical security  
Lack of physical security of business assets and resources could result in the loss or damage to assets and resources. Access to equipment, petty cash, and check stock should be restricted to appropriate individuals and stored or locked in an appropriate secure location. Computer equipment and networks should be password protected and computer passwords should be changed regularly. Having firewalls and protective devices or software on computer systems is an important component to help prevent security breaches.  Protection of personal information and banking information are becoming increasingly important with the increase in risk of identity/credit card theft. Personal and employee data should be encrypted and stored in secure folders.

7. No formal ethical policies and procedures 
This control may not seem to be crucial for the success of a business, but without clear guidelines on the use of the business assets and expectations, in terms of integrity and ethics from employees, businesses can expose themselves to inefficiencies and misappropriation of assets.  A code of ethics is an open disclosure of the way an organization operates.  A well written and thoughtful ethics policy can serve as a communication vehicle that reflects important values and goals of the business.  It can provide guidelines of how employees should deal with potential misbehavior and/or misappropriation of assets and can provide alignment with regard to company values and commitments.

8. Job roles and responsibilities not clearly defined 
Employees are your most important assets and as a small business you are very reliant on your employees.  They are representatives with customers, suppliers, and competitors. For this valuable resource to be effective in your business you will need to provide clear direction and define appropriate roles and responsibilities for each employee.  Job roles and responsibilities should be clear and preferably be in writing.  This will ease the process of separating duties discussed in the next section.  New employees will quickly be able to reference back to their responsibilities and understand their roles better.   

9. Lack of separation of duties 
Small businesses are susceptible to fraud by their own employees as they may have a few employees with multiple roles. Each employee should have specific job responsibilities, preferably in writing to ensure there is no confusion in assigned job roles and responsibilities.  Generally, assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of related assets such as cash and credit cards provides for more effective internal control and less opportunities for misappropriation of assets. 

10. Inadequate disaster recovery, backups and business continuity plans   
The importance of backups and business continuity are many times under-emphasized.  Systems can be designed so that back-ups are performed automatically and on a regular basis.  Backups should be made based on transaction volume and stored off-site.  To re-create data can be painful, time consuming, or not practical at all.  Business Continuity plans outline how recovery will be accomplished in case of a disaster.  Long term power outages or disruptions, offices not available for long periods of time, and loss of staff on a large scale are not that uncommon and can happen. Planning ahead for disasters before they strike is important to the survival of your business.  A disaster recovery plan typically consists of an emergency plan, disaster recovery plan, and a continuity plan.  

Changing your approach towards internal controls in your business in these 10 key areas, can make your business grow! Implementing control tools in these areas can be accomplished in a fairly easy manner and in a short amount of time. Consult your local accountant or auditor for advice with some of the technical financial processes and controls. Changing your focus in these 10 areas, will add a lot of value to your business over the long run!