ORGANISATIONAL STRUCTURE AS A RISK DETERRANT
The experts on the TV were analysing the other day, the risks of a coup in both countries. So far Pakistan‘s history has been marked with military coups while none in India. Recently the Defence Minister made a categorical statement that there was no possibility of a military coup ever.
While the Defence Minister has made his comments based on his observations of the military personnel over the last seven years, TV experts have given certain logic while classifying it as a remote possibility
S.No |
Factors |
Pakistan |
India |
1 |
Ethnic background |
90% of army is from Punjab including Army chief |
Multi state regiments |
2 |
Status of Army Chief |
Higher than the Air force, Navy. They report to him |
All three Chiefs are equal |
3 |
Status of military |
Higher than Defence Ministry |
The Chiefs are of Additional Secretary level and report into the Defence Secretary |
4 |
Reporting of operational formations ( Corps) |
Corps report directly to the Army Chief |
Corps report to Divisional Headquarters, who in turn report into the Army Chief |
Hence the Organisational structure is such that in India’s case they act as controls to the risk of a coup, while in Pakistan’s case the structure seems to aid a military coup. Hence the structure in one case mitigates risk while in the other case heightens the risk i.e. it is a hazard.
OTHER TYPE OF ORGANISATIONAL CONTROLS
Organisational structure overarches all organisational controls and is a response to a strategic risk.
The other types of organisational controls address risks in day-to-day activities for e.g., authorisation of transaction, signing powers over cheques, segregation of duties, who can do what, etc. These are known as organisational controls as there is a human being interfacing.
These controls can be classified as
- Administrative controls
- Activity based controls
Examples of administrative controls are segregation of duties, delegating authorised powers, etc. while examples of activity-based controls are cheque signing, ledger writing, voucher preparation, etc.
WHEN TO CONSIDER WHICH CONTROL
An easy way to start is to study the strategic, operational, compliance, and reporting risks. Strategic risks are mainly covered by Organisation Structure, while the other three classes are covered by Administrative controls &activity based controls.
DESIGN
Controls are designed firstly by considering the individual risks. Then a portfolio approach is taken by considering risks & controls collectively with in a process, unit, division, enterprise, so as to optimise it.
COMPLIANCE REVIEWS
Internal audit would evaluate the efficiency of controls to current risks (organisation structure and administrative controls, activity based controls done by team), while external evaluations would also assess on the basis of anticipated risks.
Deepak Wadhawan, FCA is the founder of eAuditor.in (www.eauditor.in) an online course on Effective Internal Auditing.