Precisely because of the dangers of today's digitalization of the business world, a functioning ICS (internal control system) must be given high priority.
For me, an example of a super-GAU (worst-case scenario) is the affair of the American diplomatic cables, which were passed on to Wikileaks on an enormous scale. Had more precautions been taken in the US administration, this huge event would have been impossible. Affairs on a smaller scale, in which employees have either siphoned off money or sold sensitive information to competitors, also surface often.
By definition, a good ICS must follow four principles:
– Principle of transparency: The processes must be clearly defined and described. An outsider must be able to assess whether the prescribed principles were followed in each case.
– Four-eyes principle: No important transaction may be performed by a single person. For example, bank payments must be released by the signatures of two employees. Contracts and binding letters should be signed by two employees with signing authority.
– Principle of segregation of duties: The various steps of a transaction should not be performed by the same person. The buyer purchases the goods, but the invoice is booked by the accounting department, and the CFO or CEO then releases it. Several people have thus looked at a transaction and can recognize inconsistencies.
– Principle of minimum information: The classic, which was not respected in America. Every employee has access only to the data necessary for his work. Open networks in which finance staff have access to marketing data, or sales staff have access to the CEO's folders, are simply no longer appropriate. In ERP systems, security must occupy an important place. Employees must not be able to simply download tens of thousands of client records.
What is the legal basis?
The Code of Obligations (OR) was amended as of 01/01/2008.
The auditors check whether an internal control system exists. When carrying out the audit, the auditors take the ICS into account and draw on established processes.
The auditors report to the Board on accounting and on compliance with the internal control system. An ICS is not voluntary; it is mandatory.
What are the responsibilities with regard to the ICS?
Board: Overall responsibility is borne by the board of directors (VR). It has to provide details of the risk assessment in the appendix.
Management: Responsible for implementing the ICS and for living by the prescribed guidelines.
Auditor: Checks whether an ICS exists and provides a comprehensive report with findings on the ICS for the attention of the VR.
Take a quiet moment to consider how you have handled the following topics, or whether you have them on the radar for your company:
- Ensuring normal operation
- Active protection against emergency situations
- Securing of trade secrets
- Compliance with the required condition
- Active protection against economic crime
- Active protection against sabotage
- Risk assessment and reporting
If potential for improvement still exists, check the contact or About me information to reach me. 🙂
Thanks for your attention and interest.