Close this search box.

Achieving Operational Efficiency: Internal Controls Strategies for Technology, People, and High-Risk Processes

By Courtney Handy, on March 26th, 2024

In today’s rapidly evolving business landscape, optimizing operational efficiency is more critical than ever. This requires a holistic and proactive approach to internal controls that addresses technology, people, and high-risk processes.


As businesses expand, so does their technological footprint. What once seemed like a manageable and value-added collection of applications and systems can quickly become a tangled web of inefficiencies, redundancies, and security risks. Therefore, performing a general inventory of your organization’s applications and systems is critical to stay organized and efficient and aware of your biggest risk areas, especially as they grow, evolve and people inevitably turnover.

  1. Purpose— What is the purpose of each application? Is it being underutilized? If so, why? Too often, applications become imbedded in processes and become outdated. One of the biggest indicators of this is people’s reliance on spreadsheets. I remember working with a large organization that created their own home-grown system 10+ years prior to automating an intricate process. Years of no oversight and zero upgrades to modules and reporting capabilities turned a once promising solution into an incomplete and outdated tool. People were right back to using hard copy forms, spreadsheets and duplicative emails to supplement workflows that should have been incorporated into the application. With any issue, you may have to consider upgrading to a newer version, making tweaks to a home-grown application, or shifting to a different platform. Identifying the purpose and how users interact with each application is the first step in maximizing your applications and mitigating risk.
  2. Type of Information— Next, take a look at the information stored in these applications. Are there multiple applications that offer the same or similar functionality? Is the same type of data stored in more than one application? If so, why? Who “owns” each application? Remember, many applications do not seamlessly interface with one another and making sure data matches is one more to-do people must consider. Unless it’s absolutely necessary, try to limit the number of applications that house similar to streamline operations and eliminate unnecessary tasks and tools.
  3. Access— Managing access to systems is critical for security and efficiency. There is no reason why an operations manager should have access to the payroll system to add a new employee or change someone’s pay. Unfortunately, it doesn’t take much oversight for an employee to route funds to themselves and wreak havoc on your organization. Regularly generating and reviewing system access reports is a sure way to prevent employees from having excessive access or conflicting rights with a coworker who performs the same or similar job. As a good rule of thumb, one person should never have the sole ability to complete a particular task start to finish, especially when dealing with financial transactions.


With turnover rates at an all-time high, effective personnel management has become more critical than ever. Ignoring the human aspect of a business can lead to detrimental consequences, both financially and operationally. Below are several factors to consider when creating and maintaining an efficient workforce:

  1. Cross Train— Cross-training employees and ensuring they are knowledgeable about various roles within the organization is crucial. In the event of a key employee leaving unexpectedly, having others who can step in and take over their responsibilities is invaluable and will save a ton of time. This not only mitigates the risk of knowledge loss but also promotes a more flexible and adaptable workforce.
  2. Document & Update Job Descriptions— As companies grow and evolve, job roles may change, and employees may be promoted or transferred. It is essential to document and regularly update job descriptions to reflect these changes and help prevent people from performing duplicate tasks or tasks that no longer align with their pay grade post promotion. Clear and up-to-date job descriptions help employees understand their roles and responsibilities, facilitating smoother operations and increased efficiency.
  3. Communicate Expectations & Perform Reviews— Transparent communication and regular performance reviews are necessary for employee engagement and productivity. In my experience, employees appreciate transparency. When in doubt, clear and concise expectations, performance feedback, and a path forward (for those eager for a promotion or a pay raise) helps employees align their efforts with organizational goals, driving efficiency and performance.
  4. Shift Responsibilities— Identifying areas where responsibilities can be shifted or redistributed can also lead to increased efficiency. By reallocating tasks based on employee strengths and workload, organizations can optimize productivity and ensure that each employee is working to their full potential.
  5. Staffing & Metrics— Utilizing metrics to measure employee performance, quality, and efficiency is essential for effective people management. Metrics can help identify areas for improvement, gaps in skills, and best practices in recruitment, placement, and retention. One common productivity measure is task efficiency, calculated by dividing the number of tasks completed by an employee in a given time period by the total number of hours worked.

High-Risk Processes

Certain areas within business operations are more prone to error, fraud, and inefficiencies. Identifying and managing these high-risk processes can help organizations maintain integrity and efficiency in their operations. Here are some key areas and best practices for managing high-risk processes effectively:

  1. Vendor Management— Organizations rely on external vendors to support their operations, making vendor management a critical component in any risk mitigation efforts. To ensure effective and efficient vendor management, strong controls are necessary. It’s important to establish a clear policy for adding new vendors and to limit the personnel who can add or modify a vendor in the system. Doing so prevents people who approve invoices or payments from adding a fictious vendor and issuing payments to themselves. Regularly reviewing the list of active vendors is also an important step in ensuring data is accurate. This step can also help identify old, duplicative or questionable vendors that should be removed to mitigate the risk of fraud, error and to streamline vendor management processes.
  2. Payroll/HR— Payroll and HR are common risk areas due to the access of sensitive information, monetary transactions, and complexity of processes. Encouraging employees to opt for direct deposit can eliminate the tedious tasks of handling physical checks, minimizing the risk of theft or fraud. It’s also crucial to ensure that no single individual has the sole responsibility for processing, submitting, and approving payroll, which can help prevent errors and unauthorized changes. Regularly reviewing payroll change reports and verifying that each change is supported by documented HR approval is another essential step in maintaining payroll integrity and accuracy.
  3. Banking & Disbursements— Efficient banking and disbursement practices can also help maintain financial integrity and minimize the risk of fraud. One strategy is to minimize the number of banks and accounts used, which simplifies management and reduces the risk of errors or unauthorized transactions. To promote accountability, it’s important to segregate the individuals responsible for creating and maintaining payment templates, entering payments, and approving disbursements. While credit cards can be a valuable tool, organizations should limit the number of cards issued and adhere to a clear policy regarding their use and consequences of misuse.

If you need further guidance or have any questions on this topic, we are here to help. Please do not hesitate to reach out to discuss your specific situation.

This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.

Share on LinkedIn
Share on Facebook
Share on X

Written By

Courtney Handy Aug 23

Related Articles

Charlie Wood April 2020
Charlie Wood
Practice Lead, FoxPointe Solutions
bonadio circle 80x80
The Bonadio Group