In establishing control, an organization should define which part of the business or workflow needs control.
There are many aspects and ways of establishing business controls. It depends on the industry, product, size of the organization or purpose. In establishing control, an organization should define which part of the business or workflow needs control. Which part needs it the most? Here are some aspects we consider when we implement systems:
1. Data input. If the company uses an ERP system, a spreadsheet or even manual, there has to be a check and balance. There’s a maker and there’s a checker. One missing zero could cost millions.
2. Accountability. The company has to establish accountability. The first step after defining the process is to document the process. Each step should have an accountable person who prepared and the person who checked it. The purpose is if one makes a mistake, then the company can pinpoint who’s at fault.
3. Document Audit Trail. Each process in the workflow has to have a timestamp. If the company has a software, it has to have a capability to record who created it, who modified, who posted, approved or who deleted it and when.
4. Document Series and Control. A good system will always be a feature where document series are automatically generated and no one can touch it once posted. Only adjust.
5. Hardware Integration. It will always be cool that a printout automatically generates once a transaction is posted. Drawer change automatically opens, biometrics DTR records are automatically sent to the DB tamper-proof. Duplicate copies of printouts have a “Duplicate Copy” label.
6. Roles/Responsibilities. Ideally, purchases are hidden from salespeople and sales are hidden from procurement people. Inventories and Bill of materials are hidden from other departments or areas.
7. Document matching. It is important that an approved PO cannot be overpaid and approved Sales Orders cannot be over delivered.