The first point is system access management. Particularly, there are often lapses in the procedures for revoking system access for those who have transferred departments or resigned. Even though system access should be revoked immediately, it is common to adjust system access a while after the department transitions or termination. Since job transitions occur frequently in our daily work environment, it is essential to be aware of our own system access privilege. To prevent incidents caused by unauthorized access to information, it is also important to design control activity to remove access when there is a job transfer or termination.

The second point is management of employees engaged in the position for a long time. It is often observed to see individuals performing the same tasks for a long time without proper supervision, however, this can be quite risky from internal control perspective. One of the main causes of the embezzlement or financial incidents are data manipulation or access right abuse by personnel who have been in their roles for a long time. In response to this, implementing a "job rotation system" might be control activity to mitigate the risk. This can prevent the concealment of critical data manipulation and occupational misconduct, helping to avert larger incidents.
The third aspect is self-approval. Nowadays, it is general procedure for accounting entries arising in each department to be recorded through an ERP system. Typically, a preparer submits an entry, and the head of department must approve it for entry posting. However, it is frequently observed that the head of department holds both the preparer & approver authority within the system, where separation of duties is implemented. In such cases, immediate system improvements should be proceeded to ensure that the same individual cannot be both the preparer and approver of entries, thereby preventing self-approval. Additionally, a regular monitoring system should be established to check for the existence of self-approved entries to prevent any potential incidents.

Lastly, it is critical to conduct periodic training on entity’s internal rules & policy. While it is essential to understand company’s policy, it is also vague to recall them when it is needed. Many people are unaware of which rules & policies should be followed and procedures & consequences if not followed them. However, it is a crucial point needs to be addressed considering following internal rules & policies is a baseline of proper internal control. Incidents resulting from ignorance of rules & policy should not occur. As mandatory training is conducted such as, workplace sexual harassment, diversity awareness, and other functional trainings, adding mandatory training on task relevant rules & policy will greatly enhance control environment within the company.
 

In conclusion, we have covered major control points and environment in daily office life. Although these may be considered basic matters, but they can easily be overlooked. I hope that the establishment of control environment and awareness to prevent financial incidents become a part of our daily life by recognizing that internal control is not distant from our own tasks.