From Policing to Partnering: Rethinking How We Enforce Controls

Everyone in a finance or accounting seat has that moment — the awkward email reminding a coworker to provide receipts for their credit card charges or the uncomfortable interaction when you have to deny a purchase because someone has exceeded their budget. You hit ‘send,’ and suddenly you’re not a coworker, you’re the compliance police.

Internal controls are vitally important (the Association of Certified Fraud Examiners estimates that 5% of an organization’s revenue is lost to fraud every year) but they are only words on paper if they aren’t implemented and enforced. Let’s explore ways that the finance office can stop policing and start partnering!

Why Enforcement Fails (Even with Good Policies)

The first step of creating a collaborative internal control environment is understanding why team members might try to circumvent internal controls. It’s usually not because they’re doing something wrong or want to cause problems, so what are the most common reasons colleagues try and work around controls?

• Time Pressure: Teams are busy and, without understanding the importance of them, internal controls can feel like just another thing that slows down operations.
• Perception: Internal controls can feel like bureaucracy and a way for finance to control the organization.
• Tone at the Top: Leaders may verbally value accountability and controls, but reward speed or convenience instead, contradicting finance’s messaging.

The good news? With a few shifts in mindset and communication, enforcing controls can feel less like policing—and more like partnership.

The Shift: From Enforcing to Enabling

Now that we have an idea of why internal controls feel more like a burden than a benefit, how can we create a culture where internal controls are just part of day-to-day life?

Change the Narrative: Recast internal controls as shared tools, not personal duties.

• Use enforcement as an opportunity to teach: “Let’s look at why this step was missed and how to make it easier next time.”
• Provide fraud facts and figures and prevention training across the organization. Internal controls are everyone’s responsibility, so they’re easier to implement when everyone is engaged.

Transparency Builds Trust: Explain why the control exists and who it’s protecting.

• Normalize talking about controls as part of good stewardship, not suspicion.
• Regularly share “wins” — times when controls prevented a problem. Perhaps a team member receives a vendor email asking to change payment info. Instead of forwarding it to finance, they call the vendor and learn the email was hacked. That vigilance deserves celebration!
• Empower leaders at all levels to model compliance. A positive “tone at the top” is one of the most effective ways to reduce fraud risk because it creates a compliant environment.

Fix the Friction: Ask other departments and team members, “What’s making this control hard to follow?”— then work together on fixing those pain points.

• Involve other departments in shaping controls — co-create rather than dictate. While this may not work in areas like revenue recognition, getting input on things like expense reimbursements or the purchase order process can really bring a team together.
• Consider a process review to get an outside perspective on how to enhance efficiency and maintain controls.

Good enforcement isn’t about catching people doing wrong; it’s about helping them do right. When we lead with partnership, compliance stops being a chore—and starts becoming a culture.