Implementing The Right Internal Controls Like Precisely Filling In A Crossword Puzzle
Internal controls are important to safeguard the organization’s assets. When you have strong internal controls, you have more confidence that the organization is promoting operational effectiveness including managing risk effectively, compliance with regulations, and maintaining effective corporate governance.
The organization is working towards achieving its goals and strategic objectives but figures out that it has some internal control deficiencies. Maybe a lack of documented policies or procedures; frequent errors or inconsistencies in reports; or terminated employees whose access hasn’t been deleted timely. If you’re experiencing these types of issues, it’s important to validate and remediate them in a timely manner to prevent them from becoming bigger issues.
Implementing the right internal controls is similar to working on a crossword puzzle coming up with the right word in the right spot. Use the clues below to uncover some elements for effective internal controls:
- 1 across - process of verifying the accuracy and completeness of data or information
- 2 down - procedure for verifying the identity of users
- 3 across - procedures and safeguards implemented to protect assets and ensure compliance
- 4 down - process of optimizing workflows to improve efficiency and reduce unnecessary steps
- 5 down - technological barriers that monitor and control incoming and outgoing network traffic
- 6 across - ongoing observation and assessment of systems and activities to ensure compliance and security
- 7 across - security breach or event that compromises the confidentiality, integrity, or availability of data
- 8 down - technique for encrypting data to prevent unauthorized access
- 9 down - evaluating potential threats and vulnerabilities to determine their likelihood and impact
- 10 across - established guidelines and rules governing behavior and decision-making
- 11 across - ensures only authorized personnel have access
- 12 across - physical mechanisms used to restrict access to doors, cabinets, or other secure areas
Reviewing Internal Controls
Image from Bigstock
Unsure about some of the clues above? If the organization’s internal controls are not as strong as they should be, some places to start are to check documentation, physical/logical security access controls, and the existence of training programs.
1. Start by reviewing the existing documentation including policies and procedures. And if you don’t have much documentation, that in itself is a sign.
2. Do a walkthrough of the key processes to understand and validate how the activities flow, the individuals involved and authorized, and the key controls in place.
3. Monitor anomalies and incidents that occur in day-to-day operations (e.g., data analytics, user activity monitoring, or firewall data). If you have a lot of data, use that data to analyze performance metrics, and identify inefficient areas to streamline—potentially using artificial intelligence to take your data analytics to the next level.
4. Conduct a risk assessment to identify potential vulnerable areas. When the business continuity plan was created, the organization probably did a risk assessment identifying key risks. Or many organizations have a dedicated CISO because one of the top risks is cybersecurity.
Now you better understand how internal controls (preventative, detective, and corrective) can mitigate risks or prevent incidents. Below are the answers to the crossword puzzle:
Shared Responsibility Among All Employees
Image created by Debra Shannon
Promote a culture of control awareness by embedding internal controls into the organization’s operations with a shared responsibility among all employees. Working with groups that focus on internal controls such as Internal Audit or GRC (Governance, Risk, and Compliance) can be valuable trusted business partners.
For more information about the elements of a strong internal control system, follow me on LinkedIn!