Internal control
We usually think of internal control in terms of financial risks, such as credit risk and fraud. But as social businesses, MFIs also need to have checks and balances in place to make sure they keep to their stated social objectives, and comply with their formal policies, procedures and systems.
This section covers a number of key questions on internal control, including:
- Why is it important to integrate SPM into internal control?
- How much will it cost?
- How can you train your team?
- How can you align your policies to ensure compliance?
- What can you do to check the quality of your information?
- How should you conduct an internal social audit?
- What is the role of external audits and ratings?
- What key lessons should you bear in mind?
You can also read in detail about the experience of AMK (Cambodia), and how it has successfully embedded SPM into its internal control function.
What do we mean by ‘internal control’?
People often confuse internal control with internal audit – but audit is just one element of internal control, which is, in turn, a part of overall risk management. By internal control, we mean all the methods, policies and procedures used to ensure that things happen the way they should. Internal audit, on the other hand, is an assessment. It’s the final check that the internal control system is working properly. An internal audit should be carried out regularly as a way of ‘self-assessing’ your organisation’s performance. The results will tell you what needs to be changed (policies and procedures), should the audit reveals that things aren’t working as they should.