Perspectives

Enhancing internal controls to improve risk management

Detect and protect: The balancing act of preventive and detective controls

Part 2 of 5

The second article in our 5-part enterprise risk management (ERM) series explores the topic of preventive and detective internal controls. From where to begin to what to consider along the way, see why internal control systems play a critical role in private company ERM.

In many ways, good internal controls are like an air traffic control system—one that moves massive airplanes in and out of crowded jetways and airspace, all day long, with few exceptions. Those tracking systems are not in place to slow down air traffic or prevent planes from flying, but rather to guide the complicated movement of aircraft in a seamless and safe manner.

Private companies and family enterprises should think about internal controls in a similar way. A common misconception is that internal controls compromise agility, when, in many cases, the exact opposite is true. Effective internal controls actually empower better decision-making, as they keep business leaders from relying on inaccurate or incomplete information. If you think about it, almost every important decision leaders make relies on the quality of the information at their disposal. When preventive and detective internal control systems ensure that information is sound, leaders are empowered to make decisions with speed and confidence.

Key takeaways

${column1-large-text}

Start with a risk assessment

A well-executed internal-controls risk assessment starts with understanding what’s material to the company and which processes are the most important. Next up is documenting the current processes and controls, and identifying inefficiencies and potential holes. Only then can risk leaders establish a step-by-step plan.

${column2-large-text}

Distinguish between preventive and detective controls

Detective controls are designed to detect an error or an issue after it has occurred but before a small problem turns into a large one. Preventive controls help prevent things from going awry in the first place. It’s important to find a balance between the two.

${column3-large-text}

Don’t let perfection get in the way

Limited resources—both talent and financial—are a common challenge for private companies and family enterprises. However, companies with thin back offices, lacking the resources to put together a proper system of controls, are often the ones most at risk. It’s important to start by identifying the areas with the most risk, and then focus on continuous improvement.

${column4-large-text}

${column4-title}

${column4-text}

Next up in the series

${header-title}

${column1-large-text}

A modern approach to managing risks

${column2-large-text}

ERM and the fight to contain cyber security threats

${column3-large-text}

${column3-title}

${column3-text}

${column4-large-text}

${column4-title}

${column4-text}

${header-title}

${column1-large-text}

Smart monitoring for operational risks

${column2-large-text}

Strengthening private company risk resilience

${column3-large-text}

${column3-title}

${column3-text}

${column4-large-text}

${column4-title}

${column4-text}
${column-img-description}

Get in touch

Insert Custom CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.
+++ DO NOT USE THIS FRAGMENT WITHOUT EXPLICIT APPROVAL FROM THE CREATIVE STUDIO DEVELOPMENT TEAM +++

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?