Risk Management Strategy with Internal Controls
Kafayat Saliu
Accountant
Financial Analyst
Bookkeeper
Client Overview
Company Name: XTL Corporation
Industry: Manufacturing
Location: Ottawa, Canada
Size: Medium-sized enterprise with over 150 employees
Revenue: $42 million annually
Project Duration: 6 months
XTL Corporation, a medium-sized manufacturing company, engaged my services to address weaknesses in risk management practices and internal controls. The company was facing operational inefficiencies, compliance challenges, and financial discrepancies. Our goal was to develop a robust, practical risk management strategy and implement internal controls that would help mitigate financial and operational risks.
Challenges Identified
Inconsistent Internal Controls
The company had insufficient segregation of duties, which led to potential errors and fraud.
Key processes like approval workflows and reconciliations were either manual or lacked oversight.
Reactive Risk Management
There were no formalized processes to proactively identify, assess, and mitigate risks.
Risks were only addressed after they had already impacted operations.
Lack of Integration Between Financial and Operational Controls
Operational processes such as inventory and procurement were not aligned with the company’s financial controls, leading to poor cash flow management and inaccurate financial reporting.
Objectives
To design and implement a comprehensive risk management framework.
To strengthen internal controls across key business functions.
To improve financial reporting accuracy and operational transparency.
To automate and streamline manual processes.
Solution Provided
Risk Assessment and Identification
I conducted a detailed risk assessment using both qualitative and quantitative methods. The process involved:
Interviews with Key Stakeholders: I interviewed department heads, financial officers, and managers to identify known risks, pain points, and compliance gaps.
Data Analysis: I reviewed historical financial data, audit reports, and operational performance metrics to uncover trends and potential areas of concern.
Risk Mapping: I created a risk register that categorized identified risks by type (financial, operational, compliance, strategic) and assessed the probability and impact of each risk on business operations.
Design and Implementation of Internal Controls
I implemented practical, actionable internal control measures that addressed the gaps identified during the risk assessment:
Segregation of Duties:
§ I separated key duties in the finance department. For example, the individual who raised purchase orders was different from the one who approved them, and the person responsible for making payments was separate from the one reconciling the bank accounts.
§ Introduced a 4-eye review process for any financial transactions above the threshold of $10,000.
Manual Approval and Authorization Workflows:
I used Excel spreadsheets with built-in approval columns to create an organized workflow for purchase orders, invoices, and expense reports. The spreadsheets required multiple sign-offs before any transaction could proceed, ensuring proper authorization.
I also used Excel's conditional formatting to highlight transactions that required approval or exceeded predefined thresholds, which allowed for quicker identification and review.
Reconciliation Automation:
I created an automated reconciliation system in Excel. By linking bank statement data with internal financial records using VLOOKUP and MATCH functions, I automated the identification of discrepancies and flagged unmatched transactions.
Excel’s pivot tables were also used to summarize discrepancies and track reconciliation progress, which saved time and reduced errors in the manual process.
Inventory Control and Procurement:
§ Implemented a barcode system for tracking inventory levels and integrated it with the company’s ERP ( QuickBooks Online) to ensure real-time visibility of stock levels and procurement needs.
§ Introduced a two-person inventory count system to prevent theft or error, ensuring that inventory counts were validated by two different employees.
Monthly Risk Review Meetings:
§ Established monthly risk management meetings involving senior leadership to review the risk register, assess new risks, and update mitigation strategies. During these meetings, specific actions were taken to mitigate any emerging risks.
Training and Capacity Building
To ensure the sustainability of the new systems and processes, I conducted targeted training sessions:
Risk Awareness: I trained department heads and managers on how to identify and mitigate risks in their respective areas. This included risk identification techniques, risk assessment tools, and risk mitigation using data using Excel and Microsoft 365.
Internal Control Procedures: I provided hands-on training for employees on the new automated systems (e.g., approval workflows, bank reconciliation spreadsheet, inventory tracking). This ensured that they understood how to navigate the tools and adhere to new control protocols.
Continuous Monitoring and Reporting
I set up a real-time risk monitoring system that tracked key risk indicators (KRIs) such as cash flow variances, unapproved transactions, and inventory discrepancies.
Automated Alerts: Integrated with the financial system to send real-time alerts when transactions outside of predefined thresholds occurred (e.g., unauthorized payments, large discrepancies between bank and ledger).
Quarterly Risk Audits: I scheduled quarterly internal audits to assess the effectiveness of internal controls and identify areas for improvement.
Results Achieved
Reduced Financial Discrepancies
The implementation of automated reconciliations reduced discrepancies in bank reconciliations by 90%, ensuring that the company’s financial records were consistently accurate and up-to-date.
Improved Operational Efficiency
The integration of barcode tracking for inventory management improved stock accuracy by 35%, reducing excess inventory and preventing stockouts.
The automated approval system streamlined workflows and reduced the time spent on manual approvals by 60%, improving operational efficiency.
Enhanced Compliance and Risk Mitigation
With the introduction of the automated approval process and segregation of duties, the company reduced the risk of fraud by ensuring proper checks and balances were in place.
The new risk management meetings and the creation of a risk register allowed the company to be more proactive in identifying and mitigating risks, reducing incidents of financial mismanagement.
Cost Savings
By automating reconciliation and approval workflows, the company saved approximately $22,000 annually in administrative costs, with the additional benefit of reducing human error.
Stronger Corporate Governance
The enhanced internal controls provided senior management with more visibility and control over operations, contributing to stronger corporate governance and greater shareholder confidence.
Conclusion
Through the development and implementation of a practical risk management strategy, XTL Corporation successfully mitigated its financial and operational risks. The company now has a proactive risk management framework, integrated internal controls, and automated systems that reduce human error, improve efficiency, and ensure compliance. This case exemplifies the impact of targeted, actionable internal controls in enhancing operational resilience and financial stability.
