[Seungseop Song's Financial Light] What Exactly Is 'Naebu Tongje' (Internal Control)?

Finance is difficult. It is filled with confusing terms and complex backstories intertwined. Sometimes, you need to learn dozens of concepts just to understand a single word. Yet, finance is important. To understand the philosophy of fund management and consistently follow the flow of money, a foundation of financial knowledge is essential. Accordingly, Asia Economy selects one financial issue each week and explains it in very simple terms. Even those with no financial knowledge can immediately understand these ‘light’ stories that illuminate the ‘light’ of finance.

[Image source=Yonhap News]

[Asia Economy Reporter Song Seungseop] Recently, the term ‘internal control’ has been frequently mentioned in the financial sector. After a 60 billion won embezzlement incident occurred at Woori Bank, various articles have used the phrase “internal control failure.” The Financial Supervisory Service ordered all banks to directly inspect their internal control systems. This shows how important internal control is in the financial sector. But what exactly is internal control?

Internal control refers to ‘the procedures that all members of a company must follow.’ It is a broad concept and can be understood as a kind of rule. The company creates these rules internally, and the chairman, board of directors, executives, and employees all must comply. Imagine if everyone acted according to different rules. Work would be disrupted, and the company would not operate properly. It would also be difficult to hold anyone accountable for mistakes.

Therefore, it is no exaggeration to say that a good company is one with well-established internal control. This means that sales are conducted efficiently, employees comply well with laws and regulations, and the organization strives effectively to achieve its goals. From a shareholder’s perspective, companies with a high level of internal control are safer investments.

Internal control is broadly divided into ‘accounting management control’ and ‘operational management control.’ Accounting management control aims to protect the company’s assets and maintain the reliability of accounting records. Operational management control aims to prevent and detect fraud and errors within the company, ensure management’s compliance with policies and regulations, and improve operational efficiency and effectiveness. In other words, accounting management control is the procedure to meticulously manage and safely store money, while operational management control is the procedure to facilitate smooth operations.

There are generally five elements necessary to establish good internal control. First, you need to secure talented personnel who can manage internal control well. This is called the ‘control environment.’ There is also ‘risk assessment,’ which effectively detects various risks occurring in the company, and ‘control activities,’ which clearly define roles to maintain internal control. Additionally, there must be ‘information and communication,’ meaning accurate and appropriate information flow. Finally, ‘monitoring’ ensures smooth follow-up actions when incidents or problems occur. All five must be solid for a company to be safe and efficient.

Financial companies, in particular, are subject to stricter internal control obligations than other private companies. This is because they handle deposits from individuals and businesses, and incidents can have significant ripple effects on the national society and economy. Moreover, since trust is the lifeblood of banks, they naturally must be sensitive about internal control. When internal control is solid, errors or deviations during business activities can be prevented, and corrective actions can be taken quickly if risks arise.

In Korea, discussions on internal control regulations in the financial sector began in 2004. At that time, the ‘internal accounting control system,’ which can be seen as accounting management control, was regulated. Comprehensive internal control regulations related to operations were established in 2015, and in 2017, the ‘Act on the Governance of Financial Companies’ was enacted, further strengthening internal control standards.

What happens if internal control is not properly established? There are countless cases of financial accidents caused by internal control failures. The 1995 collapse of Barings Bank is a representative example. Barings Bank went bankrupt after its Singapore branch sold high-risk derivatives and failed to properly grasp the scale of accumulated losses. The accounting fraud at Enron in the 2000s and the investment losses of major investment banks in 2008 are similar cases. The fact that Woori Bank did not detect the embezzlement of 61.4 billion won over six years in three separate incidents is also argued to be an example of internal control failure.

Then, who is ultimately responsible for internal control in banks? Who should bear the final responsibility when internal control fails? The financial authorities and banks have somewhat different views on this issue. The Financial Supervisory Service basically considers the ‘CEO (bank president)’ as the ultimate responsible person. On the other hand, banks argue that sanctioning the CEO solely because internal control standards were negligently established when a financial accident occurs is somewhat excessive.

Of course, regardless of who is held responsible, internal control has fundamental flaws. No matter how perfect the system is, accidents can still happen. This is because companies are made up of imperfect humans. Even very talented personnel can sometimes become careless or exhausted and make wrong judgments. This is called ‘execution risk.’ Therefore, to prevent risks, it is necessary to continuously strengthen, review, and strictly monitor internal control.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.