The Importance of Internal Controls
Internal controls are the policies, procedures, and systems that safeguard assets, ensure reliability of financial reporting, promote operational efficiency, and achieve compliance with laws and regulations. Control weaknesses are a leading cause of financial loss in SMEs through fraud, error, or inefficiency.
COSO Internal Control Framework
- Control Environment: Tone at the top, ethical values, organisational structure
- Risk Assessment: Identifying and analysing relevant risks to achieving objectives
- Control Activities: Policies and procedures that mitigate identified risks
- Information and Communication: Timely and accurate information flows
- Monitoring Activities: Ongoing evaluation and correction of deficiencies
Key Control Areas for Hong Kong SMEs
- Cash and banking: Dual authorisation for payments, regular bank reconciliations, segregation of duties
- Revenue and receivables: Credit approval, timely invoicing, aged debtors review
- Procurement and payables: Purchase order authorisation, three-way matching
- Payroll: Segregation between HR and finance, payroll reconciliation, leaver procedures
- IT general controls: User access management, data backup, change management
Case Study: Fraud Prevention
A Hong Kong trading company discovered its accounts payable clerk had created fictitious vendors and approved payments to bank accounts under his control — totalling HK$780,000 over 18 months. Aaron Wong & Co. was engaged to conduct a fraud investigation and control review. Remediation included a four-eye approval process for vendor additions, monthly master file reconciliations, automated exception reports, and a whistle-blowing hotline.