Internal Controls

Fikret Sebilcioğlu
  • Fikret Sebilcioğlu          CFE, CPA, TRACE Anti-Bribery Specialist         
  • Managing Partner
  • Internal Controls&Forensic
  • E-mail to Fikret

Regulations tend to hold management and board of directors more accountable for internal controls. Do you know if your internal controls work properly to ensure error and fraud risks over operations and financial reporting are mitigated effectively?

Thanks to recent scandals, frauds, and business failures arising from control errors or failures, IT and financial reporting environment surrounded by internal controls have become the top agenda item of companies as:

  • IT and financial reporting is becoming complex
  • Relatively more reliance is placed on information generated by such systems
  • Regulations are putting greater emphasis on internal controls

Regulations tend to hold management and board of directors more accountable for their actions all over the world. In the light of these developments, Turkish Regulators via Turkish Commercial Code require board of directors to establish robust internal controls. This is the fiduciary responsibility of the Board which cannot be delegated to general assembly or management.

Taking into account all these developments, internal control system should provide reasonable assurance to the board and management that transactions are complete, accurate, valid and underlying financial data is protected against unauthorized amendments and access to confidential data and physical assets is appropriately restricted to authorized personnel. Therefore, design, documentation and operation of controls are most critical to obtain that assurance.

How Cerebra can help you

Cerebra provides comprehensive internal controls restructuring services that is aimed to increase the efficiency and effectiveness of your existing system of controls.

No two entities have the same internal control system. Companies and their internal control needs differ dramatically by industry size, culture and management philosophy. Therefore, one company’s internal control system often will look very different from another’s. Considering this fact, Cerebra has developed a methodology which helps companies to design their internal control system to operate in a most effective and efficient manner. This approach is flexible and can be tailored to the needs and expectations of companies of all size.

Internal Control System Restructuring

Our initial step would be to understand your existing control environment. Thereafter, considering the company’s strategy and objectives the existing controls will be restructured. Restructuring of your control environment will include (a) implementing new controls and (b) redesign, remove or rework existing controls.

Internal Control Review

The first step is to determine the risks you face and prioritize them. Then we will meet with management to identify the areas of focus and the existing controls, policies and procedures in place. These areas typically include:

  • Disbursement cycle (payables, bank transfers, checks, purchasing)
  • Revenue cycle (billing, receivables, collections, bad debt)
  • Payroll cycle
  • Information technology (software, hardware, mobile devices)

We then evaluate the existing controls in place. This typically involves interviews with management and/or staff, site visits and observations of work being performed. We discuss our approach with management prior to commencing. Upon completion of the Internal Control Review, we issue a report of our findings, as well as recommendations and best practices.

Internal Control Testing

Based on the Internal Control Review, we may suggest - or you may request - detailed testing of the controls in all areas or selected areas.

Internal Control Testing entails selecting a sample of actual documents and transactions from your organization to test for adherence to policies/procedures and the effectiveness of the controls. After testing transactions, we provide specific recommendations for improvements and/or best practices.

Risks change as technology, people and the company's strategy changes, so it is important that your policies are evaluated and tested regularly.