In the previous posts we have spent a lot of time examining internal controls, developing a checklist as well as highlighting their importance.  Even though you may have gone through these steps or simply reviewed your own existing internal controls it doesn’t mean they will always work.  It is worth looking at some reasons why your internal controls don’t always work.

Some of the these reasons include:

  • Staff may not be aware that some internal controls even exist or haven’t completed relevant training.
  • Staff bypass or don’t follow correct procedures as they may argue that it saves time, there is too much bureaucracy and they believe they know a better way to do it.
  • Security, access codes or passwords have been poorly managed, haven’t been changed or updated.
  • Equipment and other assets are not locked away or secured safely and have been left out in the open raising the chances of theft.
  • Staff simply may make a mistake due to lack of knowledge, poor judgement or just not caring.
  • Financial transactions have not been properly checked, not gone through the correct approval process and have not been recorded correctly.
  • Levels of authority, segregation of duties and delegations are exceeded or not adhered to.
  • Spending limits are not adhered to, incorrect use of credit cards or transactions have not been properly authorised.
  • Staff act dishonestly or in collusion.

These are just some examples to highlight why internal controls don’t always work and as you can see, each one has a negative consequence for the organisation and will impact on the staff who work there.  In the extreme, it can also impact on the reputation as well as the ongoing viability of the organisation.

When you develop policies and procedures for internal controls make yourself aware of why they don’t always work and then address these issues.  There is no point have internal controls if they are not respected, valued or poorly managed.