A little Wandering in the controls’ world: timing and responsibilities.
When does a control take place? Who does it? Two important questions when building a control framework up.
The timing of a control.
We categorize the timing of controls in two categories:
- The ex-ante ones,
- The ex-post ones.
The ex-ante ones are the ones that take place before the action is performed.
To go back to my example of previous articles, it is better to control the installation of a safety net before the trapezists perform their act.
Similarly, it is better to check a bank transfer is not part of a laundering scheme before actually processing the transaction.
The ex-ante controls are the ones I would personally have a tendency to favor as correcting an error is always more expensive that doing the action correctly in the first place.
However, in various situation, only ex-post controls can be implemented. They take place after the facts. To seize the idea, the quality control is a control ex-post. Your product is produced and you then check it falls within quality standards.
What is that segregation of duties?
The segregation of duties is the mere fact that the controlee cannot also be the controller.
Is this a lack of confidence? No. It is based on the fact that when you do something, you often do see the errors you do. I bet all those who have been involved with complex spreadsheet already had to ask someone where an error could be as they could not find it themselves.
Implementing the segregation of duties seems simple on big teams. Some execute, some review. In small teams, however, it can seem like a trickier exercise. I don’t think it is. What we look for here is that someone executes, someone reviews. We never said that, in our mind, it was always the same person executing and the same one reviewing. Remember, risk management, as well as control frameworks need to fit the organization.
The next time you will read me, I will return to the risk sphere and discuss the acceptability of risk.
Co-Founder & Partner
My experience as CFO and CRO, Board Member in financial services, banking and insurance, allows me to cover a wide range of topics: general management of entities, Risk and finance management, corporate taxes, supervision of IT and operations, accounting, budgeting, creation and restructuring of legal structures, regulatory reporting, acquisition of companies, operational statistics, and management accounting.
My strengths are in Finance and Risk Management