Enhancing internal controls to improve risk management has been saved
Perspectives
Enhancing internal controls to improve risk management
Detect and protect: The balancing act of preventive and detective controls
Part 2 of 5
The second article in our 5-part enterprise risk management (ERM) series explores the topic of preventive and detective internal controls. From where to begin to what to consider along the way, see why internal control systems play a critical role in private company ERM.
In many ways, good internal controls are like an air traffic control system—one that moves massive airplanes in and out of crowded jetways and airspace, all day long, with few exceptions. Those tracking systems are not in place to slow down air traffic or prevent planes from flying, but rather to guide the complicated movement of aircraft in a seamless and safe manner.
Private companies and family enterprises should think about internal controls in a similar way. A common misconception is that internal controls compromise agility, when, in many cases, the exact opposite is true. Effective internal controls actually empower better decision-making, as they keep business leaders from relying on inaccurate or incomplete information. If you think about it, almost every important decision leaders make relies on the quality of the information at their disposal. When preventive and detective internal control systems ensure that information is sound, leaders are empowered to make decisions with speed and confidence.
Key takeaways
${column1-large-text}
Start with a risk assessment
A well-executed internal-controls risk assessment starts with understanding what’s material to the company and which processes are the most important. Next up is documenting the current processes and controls, and identifying inefficiencies and potential holes. Only then can risk leaders establish a step-by-step plan.
${column2-large-text}
Distinguish between preventive and detective controls
Detective controls are designed to detect an error or an issue after it has occurred but before a small problem turns into a large one. Preventive controls help prevent things from going awry in the first place. It’s important to find a balance between the two.
${column3-large-text}
Don’t let perfection get in the way
Limited resources—both talent and financial—are a common challenge for private companies and family enterprises. However, companies with thin back offices, lacking the resources to put together a proper system of controls, are often the ones most at risk. It’s important to start by identifying the areas with the most risk, and then focus on continuous improvement.
${column4-large-text}
${column4-title}
${column4-text}
Next up in the series
${header-title}
${column1-large-text}
A modern approach to managing risks
${column2-large-text}
ERM and the fight to contain cyber security threats
${column3-large-text}
${column3-title}
${column3-text}
${column4-large-text}
${column4-title}
${column4-text}
${header-title}
${column1-large-text}
Smart monitoring for operational risks
${column2-large-text}
Strengthening private company risk resilience
${column3-large-text}
${column3-title}
${column3-text}
${column4-large-text}
${column4-title}
${column4-text}
Fuel your long-term success
Private companies must stay nimble—especially when there’s uncertainty on the horizon. With proven private company servicing, Deloitte Private can help you manage strategic, financial, operational, technological, and regulatory risk to enhance enterprise value.
