 |
| Extent of damage of the Bangladesh Bank heist. Photo owned by cnnphilippines.com |
On July 2017, Maria Victoria Lopez, head of Metrobank's Corporate Service Management was arrested for stealing Php1.75billion from the Bank through a fake loan account.
On February 2016, unidentified hackers managed to steal over $81-million from Bangladesh Bank's account at the New York branch of the US Federal Reserve using fraudulent orders directed to the SWIFT payments system. The heist resulted to the arrest of former Rizal Commercial Banking Corporation (RCBC) branch Manager Maia Deguito for several violations of the Anti-Money Laundering Act of 2001 (AMLA).
Another big incident which involved the country's oldest bank, Bank of the Philippine Islands (BPI), affected 1.5 million depositors involving a major system glitch. The glitch resulted to a double posting of bank transactions which was caused by the Programmer bypassing her supervisor's approval.
The three real examples that I had mentioned perfectly describe the concept of fraud and error which are significant costs in doing business. Do you think we can lessen the probability of happening and the impact of these unfortunate events?
Fortunately, there are several ways. And these ways are part of the Company's risk management activities which are applicable to all types of organizations regardless of size. Part of these activities are implementing appropriate controls.
Now, I do not want you to get bored by discussing all those technical stuff that only accounting folks can understand. We will try to make it as plain as possible by applying it to small businesses like sari-sari store or even applying it to our day to day activities.
The Committee on Sponsoring Organizations (COSO)-- a respected global thought leader of risk and control framework, defines a control as a process effected by a Company's owners to provide reasonable assurance to the achievement of Company's objectives. In other words, a control is a set of techniques you can use to help you grow your business. It helps you sleep well at night while earning the highest profit as possible.
COSO's definition of control generally covers three areas: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting; (3) compliance with applicable laws and regulations. This means controls can help us and our businesses become more productive at the least possible effort and time, help us maintain adequate records, and most importantly comply with the applicable laws and regulations like paying the correct taxes.
How are we able to implement those techniques and principles? COSO would direct us to this cube showing the five components of the COSO framework. This framework provides guidance in thinking about the risks surrounding our businesses and how we can mitigate them by implementing appropriate controls.
One way of implementing controls is defining significant processes and ensuring that policies and procedures applicable for these processes are properly documented and appropriately followed. For example, in a sari-sari store, the significant processes are sales, cash collections, purchases, and inventories.
In a sales process particularly credit sales, there is a tendency that you might forgot to record the debt thus reducing the ability to collect it. So the control that you can implement here is to setup a subsidiary ledger that allows you to systematically record the debts.
For your cash collections you might need to ensure that all cash on hand at the end of the day are immediately deposited to avoid being lost or being stolen. For your inventory purchases you might need to ensure that you are sourcing them from a supplier that offers the best price. And lastly for your inventory process, you need to ensure that inventories on hand are regularly accounted for to identify shrinkages and stolen inventories.
There are no perfect controls. But we can reduce the impact and the probability of happening of those undesirable events at the lowest possible if we maintain effective controls.
No comments:
Post a Comment