Be Ready! Internal Controls in Treasury Departments

Be Ready! Internal Controls in Treasury Departments

by François Masquelier, Head of Corporate Finance and Treasury, RTL Group, and Honorary Chairman, EACT

This article deals with the importance of improving internal controls in the treasury departments of European MNCs. Automation and straight-through processing (STP) is the radical solution. The critical and specific features of their work make treasury managers potential specialists in internal control. 

If you ask people, even financiers, how to define internal control, you may well get a big surprise and a major disappointment. So what is an internal control? According to the ICI (Internal Control Institute – www.internalcontrolinstitute.org) an internal control is:

 “…a process, effected by an entity’s Board of Directors, management or other personnel (including treasury team), designed to provide reasonable assurance regarding the achievement of (treasury and corporate finance) objectives in the following categories: effectiveness and efficiency of (treasury) operations; reliability of financial (and treasury) reporting; compliance with applicable laws and regulation”. 

Treasury managers, like any other employees, are required (for companies governed by national laws embodying the European Eighth Directive) or will be required (for unlisted companies) to map out the internal controls applicable/applied to their businesses. Besides, IT technology and the resources at the disposal of treasury managers now enable them to fine-tune their internal controls or to strengthen them. The sums at stake are sizeable, the transactions can be complex, there is a high risk of fraud (due to the amounts being processed) and the timing is by definition extremely tight in order to ensure that the same day’s value date is applied. The treasury manager can start by simply listing his internal controls on a spreadsheet (see Figure 1).

An example of an internal control framework for treasury departments

In terms of policies and procedures, treasury managers have one of the most regulated jobs, with the most checks and restrictions. They are organised and must be organised to ensure their departments run efficiently.They measure their effectiveness by using Key Performance Indicators (KPIs). They automate all systems and procedures as much as possible. Furthermore, they fulfil all the functions of effective internal control: they adhere to the code of conduct but are themselves subject to their own rules of conduct through ‘general treasury policy’; they adhere to the firm’s core values and to the general principles of their own policies; they set the example (‘walk the talk’); they have a quite structured organisation; staff that have to be competent and highly qualified (ever more so); they delegate and are themselves delegated to by management; they hold general authorisations, mandates and proxies; they are frequently subject to internal audits (very much so, given the specific features of their work and amounts involved); they are responsible for safeguarding the group’s financial assets and finally, as a tenth feature, they monitor their performance using KPIs. [[[PAGE]]]

The treasury manager - a mini CRO

Group Treasury Managers are  often like mini Chief Risk Officers (CROs), something that is sometimes overlooked. In a structured and ordered manner, they use specialist IT applications to manage the risks inherent in their work, usually with better effect than anyone else in the business. This is why they are increasingly involved in the process of mapping out risks and in Enterprise Risk Management (ERM). Treasury managers are like Circe, explaining the risks of the voyage to Ulysses to prepare for the dangers of the Odyssey and, for example, for the dangerous songs of the sirens or the dreaded Scylla and Charybdis. Treasury managers know what risk taxonomy means and prepare a long series of reports on managing it and on the underlying (financial) risks.

It is because they manage risk day to day that they are organised and have developed a battery of internal checks to keep it fully under control. They know about the difficulties of the segregation of tasks. They have their own Business Contingency Plans (BCPs) to cater for scenarios of non-access to buildings or systems. They are organised around a series of policies and procedures, themselves the implementation of general group policies and drawn from the company’s founding principles or fundamental charter. They are used to measuring the stage of completion of the duties that fall upon them through the use of KPIs, Key Risk Indicators (KRIs) and other Key Activity Indicators; because if it is not being measured, it is not being managed.

Like everyone else, they are subject to specific regulations and laws (e.g., IFRS for accounting principles and disclosures, with all the increased responsibility for the CFO who will ultimately have to sign the accounts; ever more restrictive European Directives, particularly on OTC derivative products, SEPA and MiFID; etc). More so than for any other employee, it is essential that the treasury department’s code of ethics (often more restrictive than the company’s own code of ethics) is adhered to so as to ensure the department runs properly. But this specific code of ethics must be monitored and supported by software and ad-hoc checks that are preventive, but also detective, or even corrective. Treasury technology (e.g., ERP and TMS) now makes treasury management more effective and efficient (especially when the whole IT architecture and solutions are fully interfaced for real STP), reducing not only costs but more importantly the operational risks of handling and processing financial data. It must assure the completeness and integrity of the data in the IT systems, the basis and container of its work, and provide a transactions audit trail. At a time when the CFO has to commit personally to the reliability of the accounts being presented, it is important to have prior assurance that the mechanisms limit inherent risk and provide assurance of the quality of the outgoing content to be certified.

These days, the words ‘tighter security’ ring bells in the minds of CFOs and result in larger budgets being allocated for computerising the department.

Don't wait until you are forced to make preparations

It cannot be stressed enough that treasury managers should be scrupulous in preparing (sometimes even anticipating the requirement) a comprehensive list of the internal controls that they intend to follow up and carry out. Furthermore, this exercise often involves increased use of computerised management techniques to automate and secure procedures and databases. This is a good pretext for the in-house sale of a number of projects related to IT development. These days, the words ‘tighter security’ ring bells in the minds of CFOs and result in larger budgets being allocated for computerising the department. 

In some ways, the treasury is an excellent testing ground for those wishing to tackle their list of internal controls, often for reasons of compliance with the European Eighth Directive, as it contains everything required for putting effective controls (it is often here that the problem arises, through a lack of effective controls) and effective monitoring in place. Treasury managers can be very virtuous and make their departments centres of excellence for the internal controls that are so vital for their organisations.