Internal Control Failure the Collapse

Internal Control Failure

The collapse of Baring PLC, the oldest bank in England is a good example of failure of internal control. Nick Leeson, a trader in derivative trading lost close to $1.7 billion in open ended derivative contracts established in the name of Baring PLC [Leeson, 2006]. When the Bank of England report on the financial fiasco came out, the Daily Telegraph, a respected British newspaper declared that, "The [Bank of England] report reflects badly on the Bank of England, badly on Mr. Leeson, but worst of all on the senior management of Barings. It defies the comprehension of an outsider that a single individual could have wreaked such havoc for almost three years without detection." This is what the Internal Control is about. Leeson was a fraud but failure of internal control allowed him to run such huge losses without any checks over a period of 3 years.

The internal control in the case of Baring PLC were non-existent and even fraudster, Leeson claimed to be astonished at the absence of any controls or accountability. During his prosecution Leeson admitted, "I was astonished that nobody stopped me. People in London should have known that I was making up the numbers..."Leeson could only spend the amount due to lack of any controls over his deals in derivative trading, "I marveled at how every single Barings person blamed somebody else - especially me - rather than themselves. It was as if they needn't have been employed at all," Leeson declared to the press.

Business internal controls are important and need to be understood by entrepreneurs as well as by accountants. Poorly monitored or haphazardly developed internal controls may make the difference between success and failure of any business. [Calhoun and Luizzo, 1992] state that 30% of t] business failure occur due to poor internal controls and dishonest employees.

The Internal Control is defined as a process that ensures effective operations with reliable financial reporting in compliance with applicable laws and regulations. An internal control system has to protect business's assets, encourage efficient operations, generate reliable accounting information and comply with company policy to make it difficult for a dishonest employee to commit fraud. [Lavery et al., 2000] estimate that U.S. businesses loose $400 billion due to fraud and theft by managers and employees each year.

Setting up a system of internal control requires a business to [Hrncir & Hobbs, 2002]:

Establish Responsibilities

Maintain Adequate Records

Insure Assets And Bond Key Employees.

Separate Recordkeeping From Custody Of Assets

Divide Responsibility For Related Transactions.

Apply Technological Controls.

Perform Regular and Independent Review or Audits.

Internal Control failure is a result of failing to apply any or all of these guidelines. If no person is made responsible for an activity, no one will handle that responsibility, for example if receiving payments from customer is left to whoever happens to be near the customer then due to no clear responsibility assignment, everyone will assume that the customer leaving the shop has paid the dues to someone else and the customer may leave without making any payment. The business owner is likely to pay for this management style in loss of cash, loss of inventory, loss of control, and eventually loss of the business [Hrncir & Hobbs, 2002].

Maintenance of accounting records allows the business to monitor its performance, gauge its effectiveness in achieving targets and allows the managers to check if an even did or did not occur on a certain date. The accounting record can thus highlight failure to meet the targets and also helps check accounting anomalies.

The staff assigned to a particular job should have the required competence and a level of integrity for the job. Background checks for employees in sensitive position are necessary, but if the internal controls are inadequate an otherwise honest employee may be tempted to cheat due to personal financial stresses. The CEO of ENRON attempted to give a rosy picture of the company financial position to protect his own investment in company shares.

As a part of internal control, the accounting function and actual physical stocks should not be managed by the same person. This removes the temptation of cooking the books and allowing the stock to disappear without anyone noticing the fraud.

Protecting computer records through limiting access to accounting and record functions protects integrity of records and also removes the risk of unauthorized persons altering the records to commit fraud.

Regular and independent audits are essential for internal control. Failure of internal control is most often due to failure of proper supervision and independent checks of business related matters. Auditor must understand the business, its internal controls and the business environment to audit the system.

Internal controls helps business to achieve its performance and profitability objectives without risking the problems that can happen due to failure of internal controls. Reliable financial reporting avoids dishonest employees cheating the company, helps in compliance of laws and regulation applicable to the business and avoids damages due to mismanagement, failure in compliance of regulations and ensures that the profits due to the company do not end in someone else's pocket.

Internal control however cannot change a poor manager into a good one. Management of large companies often design internal controls to keep them out of the internal control mechanism. This allows audit and internal failure control up to a certain level while the high ups can benefit from the frauds they commit. [Tipgos, 2003] argued that the present internal control systems do not prevent senior management fraud. He argued that the rules formulated by the Tread-way Commission and the Committee of Sponsoring Organizations (COSO) for internal controls created zones of 'responsibility to comply' and 'responsibility to implement'. Between these two areas is a "zone of discretion and prerogatives" which top management enjoys and which defines management's range of compliance. The fraudulent executives have used this 'zone of discretion and prerogative to an extent where the board of directors have no option but to accept the management wishes. In order to extend the internal controls up to the top level to prevent the cases such as ENRON and WorldCom, "The fundamental question is whether top management would allow itself to be subject to the controls it has instituted or implemented in the organization."