Risk Management
Timmermans Consulting gives concrete structure and support in the area of risk management. The focused and structured way of managing of your risks and opportunities is our challenge. With our approach, which has been proven successful many times with our customers can we work in a consistent way to identify the risks and threats, identify the available control points in your processes and assist you in further improvements. Through this approach, you can significantly improve your results and substantial financial setbacks avoided.
In general, Internal Control is defined as a process affected by an organization’s structure, work and authority flows, people andmanagement information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization’s resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization’s resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks).
For each company, small, large or even global, a suitable Internal Control structure needs to be in place to assure the company’s goals and objectives are managed adequately. To realise the strategic objectives of the company, taking risks is part of the business; Internal Control is the structure within the company to manage & report on the business risks and controls and therefor should form part of the strategy. The Internal Control (IC) structure needs to be maintained and improved on an ongoing basis to remain in line with the changing environment.
To manage the company’s Internal Control environment, it is essential to have a framework in place that consists of a set of components that are interlinked and are equal important:
- Control environment: sets the tone of an organization, influencing the control consciousness of its people.
- Risk assessment: the entity’s identification and analysis of relevant risks to the achievement of its objectives, forming a basis for determining how the risks should be managed.
- Control activities: the policies and procedures that help ensure that management’s directives are carried out.
- Information & communication: the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.
- Monitoring: process that assesses the quality of internal control performance over time.
Examples of a few organisations that have shown over the last years / decades to have insufficient Internal Control in place:
- Enron
- Worldcom
- Parmalat
- Freddie Mac/Fanny Mae
- AOL
- Lernout & Hauspie
- Merrill Lynch
- Ahold
- Bernard Madoff
- Tyco
- Barings Bank
The areas impacted within these organisations were a.o.:
- Fraud
- Incorrect financial reporting
- Booking expenses as capital
- Using corporate unallocated revenue accounts
- Shell companies with fake profits
- Cut & paste forgery by using Bank letterheads
- Fictitious transactions
- Conflict of interest
- Illegal payments
- Inflating sales
- Uncontrolled speculations in future contracts
The number of organisations (commercial business, governmental organisations, financial institutes, etc) with IC issues resulting in significant losses is increasing every day or week. One of the last examples is the recent discovery of a large fraud situation in DE (the coffee company) in Brazil, where a loss had to be taken of 80 million Euro, disappointing all the new shareholders.
How can Timmermans Consulting assist you in improving your Internal Control structure?
As a starting point we will review your current IC environment based on our standardised Quick Scan approach, resulting in a first presentation of issues and opportunities.
Based on this, we will start, in cooperation with the management, to assess all potential risks and their related controls. Controls can be grouped in company level wide controls, controls over processes and general controls over IT systems. This information will be documented in standard templates to be used across the group which will ease the roll-out of the process. If required, we can offer also to document your main business processes in a flowchart, which will visualize not only the processes itself, but also the risks and controls in these processes.
When the first phase is finished of the risk and control assessment, the specific controls will be documented mitigating the potential risks. After the documentation of controls, all controls will be tested by means of a proven Walk-Through-Test activity. This testing will identify all control gaps (controls not operational or not effective) leading to phase 3 being the remediation phase.
The objective of the remediation phase is to take all control gaps to a so-called remediation log which need to be addressed. In this log, all identified control gaps are shown as action with priorities, clear deadlines and owners of these actions, so the log is management in a most practical manner.
If you want to know how we can assist your organisation in reviewing the Internal Control situation, please contact us on below telephone number or fill in the contact form and we get in touch with you.