The essential control activities. A company needs to establish a mechanism to ensure that they have internal accounting controls and risk management controls. Supervisors need to establish a mechanism to ensure that the entities they regulate have internal accounting controls and risk management controls. The supervisory mechanism need not prescribe specific and detailed controls, but rather provide general guidance to companies.
The Essential Control Activities
Companies are required to determine that appropriate internal controls are set, and monitored at the senior management level. The responsibility for implementation and monitoring of the internal controls should be clearly defined, and senior management should promote a strong Markets Compliance culture at all levels within a company.
When ensuring that appropriate human, and other resources are allocated to the Markets Compliance function, the company should take into account the scale, and types of the investment services, activities, and ancillary services undertaken by the company.
Control activities must be designed, to ensure that applicable regulatory requirements, and the requirements laid down in the internal Markets Compliance policies, and procedures are complied with in letter and spirit.
The company should cover both the internal accounting controls, risk management, and other internal controls. Internal accounting controls for companies should include books, and record-keeping requirements related to securities, investments. Segregation of duties controls should be designed to safeguard the assets of the company and to safeguard the investor’s property. Risk management and controls for companies should include controls for the overall company, individual trading desk limits, market risk, credit risk, legal risk, operational risk, and liquidity risk.
Firm Guidance
Firm guidance from the senior management to the investment, and other business departments regarding internal controls should contain general guidance at the most senior levels, and specific guidance as the information flows to individual trading desks. Companies should have supervisors that are required to maintain written documentation about the application of control procedures.
Companies need to determine that internal Markets Compliance controls are effectively operating as designed continuously. Companies are required to establish mechanisms to verify that Markets Compliance controls are being followed. The verification procedures may include Markets Compliance checks, and internal audits, which should be independent of the investment or trading desks. External audits by independent accountants may also support the company’s overall control system.
Companies need to determine that recommendations by auditors and regulators are properly implemented. Companies need to determine that controls, once established, keep pace with new products, technology, and emerging Markets Compliance regulatory requirements.
Companies need to establish, mechanisms to report material deficiencies or breaches in Markets Compliance controls to the senior management, and supervisors on a timely basis. Companies should be prepared to provide the supervisors with relevant Markets Compliance status. As part of control activities, the management of the company should ensure that the Markets Compliance function is established as an independent function, to ensure that Markets Compliance regulatory requirements are identified, understood, disseminated to the process owners, and implemented.
Companies are required to ensure that the compliance function fulfills its advisory, and assistance responsibilities, including providing support for staff and management training, providing day-to-day Markets Compliance assistance to the employees, and participating in the establishment of Markets Compliance policies, and procedures.
What Are Control Activities?
Control activities are the policies, procedures, techniques, and mechanisms that help ensure that management responds to risks identified during the risk assessment process. Control activities, in other words, are actions taken to reduce risk. The risk assessment process determines the need for a control activity. When the assessment identifies a significant risk to an agency’s goal achievement, a corresponding control activity or activities is determined and implemented.
Control activities can be either preventive or investigative:
Preventive measures are intended to reduce the likelihood of an unfavorable event occurring. The development of these controls entails anticipating potential problems and putting procedures in place to avoid them.
Detective activities are intended to identify and notify management of any undesirable events that occur. This enables management to take corrective action as soon as possible.
Final Thoughts
To ensure the integrity of financial statements and to promote ethical values and transparency throughout the enterprise, every organization requires strong internal controls. Internal controls are the mechanism for doing so; controls assist in identifying risks and reducing them to an acceptable level.
Strong processes supported by robust internal control systems enable an organization to consistently comply with all applicable laws and regulations, as well as to earn the confidence, trust, and loyalty of its stakeholders. Internal controls are also important in preventing employees and others from committing fraud.
