Norms and Principles of Sound Management

Back

Chapter 5 – Internal Control

5.1 INTERNAL CONTROL

5.1 (1)             Internal control is a group or measures, procedures and systems established by the business managers to aid in the process of managing in a reasonable and prudent fashion.

5.1 (2)             The main objective or internal control is to prevent and detect discrepancies and errors in order to protect the resources and assets of the business.

5.1 (3)             Internal control is also the instrument used for ensuring abidance to principles and norms or sound management.

Norms

5.1 (4)             For sound management to be present, the organization must employ a system to detect and avoid discrepancies and errors, and to respect the principles of transparency, balance, fairness, efficiency, continuity and abnegation.

5.1 (5)             Dependent on the circumstances, an adequate internal control system evolves around the following elements:

a)     The appropriate separation of functions

b)     An authorization policy

c)     Management procedures

d)     A reliable information system

e)     Limited access to assets

f)     Other administrative controls.

 

5.2    SEPARATION OF FUNCTIONS

5.2 (1)             «Incompatible Functions» : Character of two or several functions which cannot be operated simultaneously without compromising the integrity of the administrative rule.

5.2 (2)             The separation of functions is a basic element in preventing and detecting discrepancies and errors. It assists in the maintenance of sound management principles by involving a greater number of mediating parties so as to limit the inherent risks of every administrative action.

5.2 (3)             The separation of functions implies that the responsibility of operations is divided up into several players.

5.2 (4)             When certain operations imply by their nature a substantial risk in the protection of the assets, the functions related to such .transactions are deemed incompatible. Such functions are those which imply access to assets and accountancy of the operations related to such assets.

Norms

5.2 (5)             The business manager must ensure that:

1)    All the administrative and organizational functions of the business are clearly defined and that each individual understands the scope or their responsibilities.

2)    The incompatible functions are separated.

     Here are certain incompatible functions, for example:

      • To be responsible for the expedition of goods, for invoicing and for receiving payment
      • To be responsible for the pay-roll as well as the personnel
      • To be responsible for receiving goods and for the auxiliary book-keeping or suppliers accounts
      • To be responsible for receiving payment and for the preparation of bank appeasements
      • To be responsible for receiving the payment and for the auxiliary book-keeping of customer accounts
      • To be responsible for the pay-roll and of bank reconciliations

5.2 (6)             As there are not enough employees to perform an impeccable division of functions, management must instil controls that make up for it, the most common list of which is as follows:

      • Pre-numbered forms, with controlled sequence
      • Inquiries on sales invoices which are not joined with shipping stubs
      • Opening of mail and preparation of a list of payments received by a person who is independent from the accounting department
      • Periodic analysis of the aging or accounts
      • Management authorization or accounts receivable write-offs
      • The matching of purchase orders, receiving stubs and invoices in the accounting department

 

5.3    AUTHORIZATION POLICY

5.3 (1)             «Authorization policy» : A policy in which management allocates powers and responsibilities to approve any administrative action.

5.3 (2)             The managers of businesses and organizations are assigned responsibilities which they can not, under certain circumstances, perform alone when considering the extension of the tasks to be performed.
In such cases, these managers assign the tasks as well as delegate certain responsibilities in order to implement sound management principles in the operations of the organization. Such functional delegation or decision making does not in itself release these managers from their responsibilities.
This double challenge of delegating efficiency and responsibility becomes the prime justification of internal control and the establishment of one of its elements, the authorization policy.

5.3 (3)             A consistent authorization policy ensures the instillation of sound management principles in creating a supervisory responsibility and obligation on the part of the signing manager to respect sound management principles.

Norms

5.3 (4)             Every directing manager must issue a clear and structured authorization policy when justified by the circumstances, and he must make sure that such policy is known and respected by the members or the organization.

Amid important authorizations, let us list the following:

      • Signing or cheques
      • Approval of customer credit
      • Approval of pricing and discounts
      • Approval of return of merchandise
      • Approval of purchase orders
      • Approval of bank reconciliations
      • Approval of invoices by the person responsible for performance of the work
      • Approval of any commitment made on behalf of the business or of the organization

5.4    MANAGEMENT PROCEDURE

5.4 (1)             «Management procedure» : Group of regulations with intent to organize management, and which are put in place to achieve certain results.

5.4 (2)             The preceding section featured the assignment of responsibilities within the organization. The establishment of organizational regulations is the main element which allows controlling for the execution of tasks within an organization. The descriptions of tasks, of responsibilities and the organizational regulations determine the expectation related to each task or function as well as their limits.

Norms

5.4 (3)             In practicing sound management within a business or an organization, the directing manager must take cares to adequately inform their members of management procedures related to a task to be performed, and or the responsibilities which are assigned to him. For this purpose, here are a few communication tools:

      • Description of tasks and of expectations
      • Organizational regulations
      • System for evaluating performance
      • Training program.

5.4 (4)             The establishment of management procedures ensures the respect of several principles of sound management.

5.4.1   FAIRNESS

Management procedures ensure fair treatment in an employer-employee relationship as well as an evaluation and a comparison of jobs for the purpose of compensation. This system is the prime reference for a true compensation policy based on the principle of fairness (basic justice).

5.4.2   CONTINUITY

Ensures personnel turn-over and mobility, without jeopardizing the operations of the organization.

5.4.3   EFFICIENCY

Increases employee productivity in reducing inefficiencies and errors due to a lack of information.
The manager is able to economize resources by rationalizing tasks and functions. Let us recall that economy and effectiveness are the components of efficiency.

5.4.4   ABNEGATION

Ensures the respect of the abnegation norm by specifying the salary, compensation, and other benefits attached to a position or a job.

5.5    INFORMATION SYSTEM

Generalities

5.5 (1)             «Information system» : An organized set of means available to the organization for transmitting administrative, accounting, marketing and operational information used in decision-making. The information system is the power behind internal control and its reliability leads to better decision-making.

5.5 (2)             The manager must take all necessary measures to ensure the transmittal of information within the organization to attain sound management.

The three main responsibilities, therefore, are as follows :

      • Implementation and revision of the information system
      • The system’s reliability
      • The protection of the system and ·of the data transmitted

5.5 (3)             The information system can be manual or computerized. In every instance, the manager will make sure that the business uses -adequate and complete books, and that the same can provide information which is sufficient for decision making.

5.5 (4)             An adequate information system must be well documented to ensure transparency and continuity. The basic documentation includes the following elements:

For manual or computerized systems:

      • a description or the various steps needed to complete transactions
      • organizational chart of the accounting cycle with assignment of tasks
      • the respect of generally accepted accounting principles; and also for computerized systems

and also for computerized systems :

      • description of data entry procedures
      • description of data provided by the system
      • copy of reports most frequently used
      • software documentation
Norms

5.5 (5)             The directing manager must make all the necessary decisions to ensure the reliability of the information system. He has also the obligation to verify the value of the data used by the system, and to rectify all deficiencies likely to distort the information.

5.5 (6)             The directing manager must guarantee the system’s protection as well as of the data entered in process. Here are some essential elements or the information system:

      • adequate insurance coverage
      • limited access to books, registers, documents, pay-roll, minute book, etc.
      • the filing of important documents in places which are protected against fire and other events of destruction
      • the copying of essential documents
      • the entrusting of legal documents and also for a computerized system

and also for computerized systems :

      • central processing unit to be installed in a separate room with limited access
      • access to software or network under different levels or authorization by password
      • procedures for the adequate making of copies
      • the copying of software and data files kept outside or the business
      • measures in case of emergency (malfunctioning, power failure)
      • protection of equipment against vandalism and other events of destruction

5.6    LIMITED ACCESS TO ASSETS

Norms

5.6 (1)             It is of prime importance that only authorized personnel have access to the business assets. Management must, therefore, take measures to limit direct access (access control to warehouse, protection devices, physical count performed periodically, etc) and indirect access (separation of incompatible functions, authorization required for utilization and disposal or the business assets).

5.6 (2)             The manager, required to manage goods and resources, must ensure their protection as a responsible and prudent person would do. Access to the business assets must be restricted in order to avoid their depletion.

5.7    OTHER ADMINISTRATIVE CONTROLS

5.7 (1)             «Administratives controls» : Miscellaneous measures which form part of the internal control and are established in order to permit:

1)         supervision or administrative actions

2)        prevention of errors and discrepancies

3)        protection of the assets

The directing manager has the responsibility to set up appropriate administrative controls which encourage respect of sound management.

A budget preparation process permits the identification of the sources of funds and disbursements necessary for the marketing of the organization. The necessity of this process for planning purposes has been discussed in this chapter. Such process also ensures an overall internal control ·of the business activities. The analysis of results in the budge is a sufficient tool which the directing managers may use for control purposes.

Norms

5.7 (2)             The directing manager must ensure that the financial statements be prepared periodically.
5.7 (3)             Here are, for example, other administrative controls meant to ensure the sound management of the business or the organization:

      • preparation or budget
      • preparation of periodical financial statements
      • revision and comparison by the directing manager or the budget and the periodical financial statements
      • accounts analysis prepared and revised regularly
      • alarm system for fire and theft
      • a conservation-policy for books and accounting documents
      • adequate insurance coverage.

Back to principles

These 4 chapters are an excerpt of the compendium gathering the OAAQ’s generally accepted Sound Management principles. The complete version of the compendium is available as part of the book Le cadre de Saine Gestion, un modèle de gouvernance intégrée, published by CCH in 2007.We thank Mr. Bernard Brault F.Adm.A F.CMC, who as a main author and licensee for the use and publication of these principles , agreed for us to share the legal foundation of the Sound Management concept with our readers.

All rights reserved © 2012: Any reproduction in part or whole for personal purposes is permitted. Its commercial and professional use is permitted only as reference, as long as the norm or principle referred to is associated to the OAAQ and Bernard Brault.