Did you know that every single activity in the company must have minimum one control in place? In our company, we established an Internal Control System Procedure where all processes are recognized and documented and internal controls defined. We wanted to promote a consistent and standardized approach for the identification of minimum control requirements and the assessment of the effectiveness of internal controls. Internal controls can be following: 4 eyes principle, reconciliation, reporting, segregation of duties, audit inspection, application input confirmation, back up and retention, BCP/Disaster recovery plan, staff training, job rotation, Chinese wall, working instruction, authorization, etc. Before we setup internal controls, we must assess the potential risks. After that, we assess the effectiveness of current controls. Internal Control System of our company is organized in observance of the following main requirements:
- Managers must recognize and understand all material types of risks related with operations of our company, determine the extent of risk acceptable to it;
- Managers must guarantee adequate procedures necessary for internal control and regular supervision thereof;
- Managers must ensure that they will take all measures required for the identification, assessment, monitoring, limiting and control of risks;
- Managers must guarantee the appropriate qualifications and repute of employees, adequate experience and requisite skills necessary for the performance of their duties;
- Information system functioning should be properly regulated;
- Assessment of our company shall cover all types of risks faced by it;
- The system of internal control shall guarantee the adequate structure of control and established control procedures at each management level. Control procedures should include: reporting to managers, control of operations of the company’s structural units, protection of assets, management information, data checks and comparisons;
- Board must ensure the separation of functions of the execution of payment operations, risk assessment and accounting;
- The company should have in place a reliable system of information technologies. It shall be necessary to ensure safe and continuous operation of this system, in particular related to the accumulation, processing and use of data, to prepare its business continuity plan and for different extraordinary events;
- The system of internal control shall guarantee the provision of reliable and adequate internal and external information in good time and appropriate form;
- The employees performing their duties must forthwith inform managers about the deficiencies of internal control system, inadequately managed risks faced by the company or violations.
After the receipt of results, the Risk Management Department consolidates the results and prepares the report for Board. The goal of the report is to document the effectiveness of the whole Internal Control System of the company.
