4 Ways to Build Strong Internal Controls

Part 1 of 3 in the Protecting Your Castle series

A castle’s treasure is worth protecting. The lives, resources, and gold are critical to sustaining the kingdom’s long-term viability. But, are the castle walls strong enough to hold off an enemy attack? Strong walls are a critical component to protecting a castle, just as proper internal controls play a huge role in protecting an organization’s information, data, and profits—its assets. An organization’s leaders must build strong internal controls as a safeguard.

When building strong castle walls or internal controls, consider these recommendations:

1. A strong foundation is the starting point. Leadership is so important when making the decisions to ensure everything is properly planned and effectively executed. Strong leadership sets the tone for the team. Another word for this in the internal audit world is the “control environment.”
2. Creativity and foresight are required to anticipate attacks and possible threats. A risk assessment also must be performed. This area is typically overlooked, but crucial.
3. Determine and evaluate the available materials, resources, and tools. This requires skill and experience to find the highest and best use of all the available components. A strong leader must find the right balance to build the strongest walls (internal controls) using the appropriate amount of resources that will thwart the most likely attacks. If the walls are too tall and thick, there may not be enough materials and resources available to finish building them before an attack, or if the design is too complex, this may lead to poor execution and premature failure. On the other hand, if the walls are too short or not thick enough, the castle could become an easy target for the enemy. An organization’s internal control structure requires the same balance.
4. Finally, as with everything, strong walls require constant attention through monitoring and repair. With proper monitoring, smaller walls or less sophisticated controls will remain strong. Repairs are also an important component to ensure internal controls last and continue to provide protection. Walls can be patched and reinforced just as internal controls can be reassessed periodically to ensure they are properly functioning and adequately mitigating potential threats.

Fraud can cripple an organization by sucking up resources. Informed leaders should know the risks to the organization and develop controls to address them—which all seems very simple when talking about a castle and its treasure. Business owners and executives, however, often ignore or significantly underestimate an organization’s risk of fraud and other likely threats (e.g., cyberattacks). It is okay to take calculated risks related to possible threats, but many organizations choose to ignore them or discount the possibility of occurrence—which can be costly to the organization. Don’t let this happen! Keep your walls strong and your assets protected!

Stay tuned for next week’s blog to learn more about training your army to protect the walls of your castle. This blog is part 1 of 3 in the Protecting Your Castle series. 

If you ever have an idea for a future blog or a question about a published blog, please contact me with your thoughts. I would love to hear from you.