Rumours about why they fail compliance
-
A person in my company told me a few days ago that she’d heard that for 60% of the companies that fail, horrible IT controls are the reason.
I cannot find anything about this topic on the internet to confirm or deny this statement.
Can anyone help?
Information about IT controls, and companies that fail because of them, is especially interesting.
-
My opinion:
Personnel-related issues, typically related to poor segregation of duties, inadequate staffing, or related training or supervision problems.
Weaknesses related to documentation.

From Compliance Week: complianceweek.com/
Problems with financial systems and procedures remain the most common types of weaknesses and deficiencies disclosed.

From PricewaterhouseCoopers:
The most frequently cited area requiring internal control remediation efforts was in this category of financial process improvements. Computer and security controls also ranked high on the PwC remediation priority.

From IIA Enterprise Risk Management and Control Self-Assessment Conference, September 9, 2004:
Frequently cited categories of internal control weaknesses
Staffing/Personnel 32%
Documentation 19%
GAAP Misapplication 16%
Segregation of duties 12%
-
Some frequently reported internal control disclosures:
Roles and responsibilities of finance and accounting personnel not adequately defined
Employees' lack of understanding of company policies and procedures
Inconsistent application of company policy among business units and segments
Skill set inadequate to meet the needs
High turnover in the accounting and finance function and other functions
Inadequate staffing and supervision
Lack of systematic documentation
No documentation showing that customer credit check was performed
Improper capitalization of manufacturing costs
Lack of segregation of duties (within the branches, with regard to certain personnel within inventory accounting, between payroll and other accounting personnel, between certain transaction recording and related asset accountability functions, related to check disbursement for loan processing and cash receipts etc.)
Overriding of internal controls by the CEO and CFO without proper documentation
Poor oversight by the Board and Audit Committee
Misrepresentation of certain facts by the management to auditors
User access to IT systems not changed when a user’s status changed
Inactive accounts
Lack of IT system maintenance policies and procedures
Lack of policies and procedures to address overall IT security
Lack of a separate test environment from the production environment.