Helping SMEs on how to resist corruption in business

Development of internal control system

An anti-bribery program will only be effective if it is controlled effectively. Businesses should consider which process provides the best control of program and what types of checks should be performed to monitor implementation. Moreover, companies at any size need certain internal controls, such as spending controls and signing orders, etc. There are a few points to note :

  • Financial controls (including internal accounting controls) become essential and when being done correctly, will help detect frauds. Transparency and accuracy, in keeping both essential records and documents are critical factors.

According to COSO 2013, internal control consists of four contents: a process, personnel, reasonable assurance and objectives.  The development of internal control procedures should be carried out in two stages with the following specific steps:

Preparation phase:

    • Establish a steering committee comprised the company’s top management and key employees who will develop internal control procedures.
    • Work out the plan to develop a process of internal control
    • Provide training for leaders and key personnel on internal control
    • Hire consultants to design internal control system (if necessary).
    • Conduct assessment to evaluate current status of the internal control system
    • Implement by steps to re-establish or complete an internal control process (this process is regularly taken to re-evaluate, update risk and adjust)

Internal control development phase:

    • Define business philosophy, vision of the company
    • Identify the mission, core values that the business aims to
    • Identify corporate goals in the short and long term
    • Identify risk that the business may face
    • Identify the general control mechanism of the company
    • Identify the organizational structure of the entire enterprise
    • Identify the functions, tasks and goals of each department and each employee in company
    • Identify risks for each component
    • Identify control mechanism for each department and each employee
    • Regulate and document the control mechanisms of each process in specific procedures.
    • Identify all business processes of the enterprise
    • Identify the functions of each process
    • Identify risks of each process
    • Identify risk control mechanism for each process
    • Regulate control mechanisms of each process in the professional regulations
    • Set up communication channels (internal/external)
    • Select a communication approach
    • Schedule a regular and periodic internal control audit
    • Set the minimum benchmark
    • Report poor control activities
    • Monitor and supervise the remedy process
  • Good tracking on terms of contract will help well control the in-transparency in payments and business transactions.
  • Good management helps identify misconduct regarding offering gifts, reception and spending matters;
  • Well-maintained staff relationships and public-private policies encourage openness and compliance.
  • Good leadership sets an example that will contributes to create the culture of the organization.
  • Regular review of internal control process is necessary, eventually include it on the agenda of the Board of Directors meetings.
  • Careful, clear, and readable records should be kept and ready for checking.
  • Checking is only effective if procedures are complied.