Blind trust of the Board and those who are charged with Governance, in the management, coupled with inadequate control functions increases the risk of management override of internal controls.
It is not uncommon for the management to challenge the control function’s recommendation to strengthen the internal controls, as they may think it weakens employee empowerment to make decisions.
Little do they know that a lack of oversight on management actions may result in a high probability of committing fraud.
It is already established that the Management of the Company is responsible for designing, implementing and monitoring the internal controls within its various processes and flows. However, the risk of overriding controls is inherently high to mispresent the financial statements and impress the shareholders or commit fraud.
Override of internal controls is due to pressures or incentives to meet the business objectives or perhaps an opportunity for the management to engage in fraudulent activities and misuse their authority to cover up in the financial statements.
It has been found that senior management and executives are involved in the override of internal controls and commit fraud.
The oversight of internal controls and management actions rests with the Board of directors and Audit Committee. This is achieved by forming a strong and resourceful Audit Committee and Control functions within the Company. Such Control functions may include Compliance and Risk Management and an independent internal audit department.
The Board sets the tone at the top by devising various policies and procedures, power of attorney, a delegation of authorities, rigorous reporting, independent internal and external audits and training.
But is this enough?
I don't think so.
Even with diligent control functions, limitations still exist, and the senior management and their subordinates may override the authority and control procedures to commit fraud, which may go undetected. They may result in the frequent override of internal controls.
The Board's roles and responsibilities and sub-committees, including the Audit Committee, shall be clearly defined in their respective charters. Collectively the Board is responsible for assessing the following:
The Audit Committee can perform the following actions to address the risk of management override of internal controls:
Therefore, awareness of the Company’s Code of Conduct with employees, customers, vendors, and third parties is vital. It can be created through various onsite and off-site training, seminars, and marketing collateral, giving them awareness about the control environment and their role. In addition, the whistleblowing culture will further strengthen the Company's control environment, therefore minimizing the risk of management override of internal controls.
The first question which comes into the mind after the fraud is exposed is, where were the Board, Audit Committee, and control functions?
The risk of management override of internal controls is inherently high; however, if the Board and Audit Committee challenge the senior management and status quo, internal control weakness may be identified promptly. Perhaps the control functions may adopt an effective risk management approach to identify internal control weaknesses.