Governance and Control in the SME

The COVID-19 pandemic has worsened the crisis small and medium-sized enterprises (SMEs) face. One of the primary reasons for this is the need for proper corporate governance and control systems. Corporate governance establishes guidelines and regulations, while internal controls ensure compliance. Failure to follow accounting policies and accurately recognise and classify issues such as revenues, borrowing costs, inventories, and asset impairment can result in catastrophic outcomes. As we navigate these challenging times, it is imperative to prioritise establishing sound governance and control systems to ensure the sustainability of SMEs.In the current business landscape, it has become apparent that management control is a pivotal factor in the success of consulting services for small and medium-sized enterprises (SMEs). However, this singular focus can often lead to the sidelining of growth and expansion targets for these companies. The consequences can be dire for those brave enough to attempt internationalisation without the proper governance structures. SMEs are particularly susceptible to issues such as the misuse of corporate resources for personal gain and a lack of standardised financial reporting due to the absence of internal control systems. Therefore, we must work together to provide SMEs with the necessary tools and support to thrive in the global marketplace. Effective governance and integrated audit processes are crucial for success in today's business landscape. Companies prioritising these measures and working towards credible attribution of their systemic risk enjoy multiple funding sources and pave the way for industry-wide progress. While it's understandable that some may resist implementing control systems, it's important to acknowledge their undeniable benefits in driving growth and mitigating risks.

According to a 2011 article by Dominic S. B. Soh and Nonna Martinov-Bennie, the issue of poor internal audit governance is a global problem in European countries and the U.S. In today's fast-paced financial market, it is imperative to have effective audit processes to stay competitive with the rest of the world. Furthermore, to achieve growth, it is crucial to have good ideas and solid control practices.

Organisations need to have effective measures in place to prevent and address issues. According to a report by the Institute of Internal Audit from 2015, three types of control can be utilised for this purpose: preventive, investigative, and corrective. Preventive controls aim to stop issues from occurring in the first place, while investigative controls are used to identify and address issues after they occur. Corrective controls, on the other hand, are used to rectify issues and prevent them from happening again in the future. Being aware of these types of control can help organisations establish a comprehensive approach to risk management and ensure that they stay on the right track. #InternalAudit #RiskManagement #ControlTypes

As a professional, I understand the importance of preventive controls in ensuring the smooth flow of business operations. These controls are process-based and rely on assigning specific roles and approaches to management based on their position within the procedural flow. The underlying principle of preventive controls is to separate critical steps operationally and responsibly. For instance, we can separate the functions and responsibilities between expenditure proposers, approvers, and implementers. Similarly, accepting returns or issuing reimbursements can follow a similar separation of duties approach. We can ensure smooth business operations and minimise risks by implementing preventive controls.

It's crucial to have adequate internal controls to detect existing problems. Investigative controls are one such type of control that can prove immensely valuable. For instance, performing bank account reconciliations after specific transactions like refunds or payments can be a perfect example. Similarly, inventory verification following a physical count or accounting calculation can also significantly help. By implementing these investigative controls, you can ensure that your business operations run smoothly by identifying and addressing issues promptly.

As businesses grow, it's essential to have a system in place to ensure they stay on track. That's where corrective controls come in. These internal controls are designed to fix any issues that may arise from deviating from legal, financial, or planning standards.

Successful internal controls are more than following prevention, investigation, and correction procedures. Management responsiveness, a thorough evaluation of results, and quality follow-up actions are essential for true success. CoSO's ERM guidelines identify nine key parameters for effective internal controls. ?#internalcontrols #riskmanagement #CoSOguidelines

• The methodology is at the heart of auditing, as it reflects the approach to the assessment and quality of auditing. For example, the process must reflect the optimal way to achieve a perfect match between the data collected and the list of data to be acquired. Acquiring data without knowing whether it is the correct data or, worse, whether it is all that can be obtained and is needed invalidates the very validity of the methodology. In addition, the methodology's effectiveness must ensure the quality and depth of the data collected for review.
• Documentation refers to storing and retrieving information for the audit process and follow-up.
• People assigned to audit activities must be adequately trained and aware of their responsibilities. In addition, they must have sufficient autonomy to conduct their activities freely.
• System (mainly IT) refers to the level of standardised information flows and the reliability of the documents representing them for the assessment process.
• Risk refers to the depth of assessments on the same, whether operational or strategic and related mitigation and recovery plans.
• The review concerns the dual quality control phase of financial and non-financial audit processes, especially from an operational perspective.
• Ownership and accountability indicate whether an audit is a siloed function, not subject to the control of business functions and with proper spread and shared across the company, or a driven activity with ownership and control entrusted to the various leaders.

Below is a summary table of the nine key parameters with their application levels.

To keep repeating that the SMEs are great resources but not having the courage (or the interest) to state what is best for them is to increase the sense of bewilderment and frustration of those entrepreneurs who are waiting for nothing more than to receive the right and qualified support to get out of an endless impasse. Governance and control are no longer an option; they are an indispensable component of business at the very moment when one is considering how to expand and grow it. It is only in a context with codified procedures. It controls that one can embark on a new entrepreneurial adventure of expanding one's business because the objective of an entrepreneur must not only be to take risks, but to seize all opportunities, within a framework of reassuring certainty that inevitable risk is monitored and controlled.