What are Internal Controls?
Internal controls are defined as processes (determined by an entity’s board of directors, management, and other personnel) designed to provide reasonable assurance regarding the objectives in the following areas:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
Internal controls assure that the processes companies want to happen will and things they don’t want to happen won’t.
(Download Video Transcript)
What is the Purpose of Internal Controls?
The overall purpose of internal controls is to help a department achieve its mission and accomplish certain goals and objectives.
An effective internal control system helps a department to:
- Promote orderly, economical, efficient, and effective operations
- Produce quality products and services consistent with the department’s mission
- Safeguard resources against loss due to waste, abuse, mismanagement, errors, and fraud
- Promote adherence to statutes, regulations, bulletins, and procedures
- Develop and maintain reliable financial and management data, and accurately report that data in a timely manner
What Can Each Department Do to Improve Its Internal Controls?
A properly designed internal control system will involve all departments of an organization to improve their processes.
- Implement separation of duties among different employees to reduce the risk of error or inappropriate actions; ensure no one person has complete control over all aspects of any financial transaction
- Ensure records are routinely reviewed and reconciled by someone other than the preparer to determine that transactions have been processed accurately and appropriately
- Ensure that cash, equipment, inventories, and other property are secured physically, counted periodically, and compared to control records; limit access only to authorized persons
- Provide employees with the appropriate training, direction, and supervision to ensure they have the necessary knowledge and skills to carry out their duties; inform employees of the proper channels for reporting suspected improprieties
- Make sure company-wide and department-level policies and procedures are formalized, documented, communicated, and readily available to employees; document day-to-day operating procedures and practices to provide staff with guidance to ensure management’s directives are carried out and to help maintain continuity of operations in the event of prolonged employee absences or turnover
Does Having Strong Internal Controls Guarantee Success?
No.
Due to limitations inherent in all internal control systems, internal controls only provide reasonable assurance that a department will be successful and achieve its objectives.
Breakdowns in internal controls can occur due to simple mistakes or faulty judgments, or controls can be circumvented through collusion or management override. However, lack of internal controls puts any company at risk for fraud, waste, and abuse.
What are the Components of an Internal Control System?
The Committee of Sponsoring Organizations (COSO) internal control framework identifies five inter-related components:
1. Control Environment
The control environment, sometimes referred to as “tone at the top”, is the foundation for all other components of internal control. The control environment is influenced by management’s philosophy, operating style, integrity, ethical values, and commitment to competence.
If this foundation is strong and if the control environment is positive, the overall system of internal control will be more effective.
2. Risk Assessment
Risk assessment is the identification, analysis, and management of risks relevant to the achievement of the department’s goals and objectives. Risks include internal and external events or circumstances that may occur and adversely affect operations.
Once risks are identified, management should consider their impact (or significance), the likelihood of their occurrence, and how to manage them.
3. Control Activities
Internal control activities are tools - policies, procedures, techniques, and mechanisms - that help ensure management’s directives are carried out. Control activities help identify, prevent, or reduce the risks that can impede accomplishment of the department’s objectives.
Control activities occur throughout the department, at all levels and in all functions. They include activities such as approvals, authorizations, verifications, reconciliations, documentation, separation of duties, and safeguarding of assets.
4. Monitoring
The department’s internal control system needs to be monitored to assess whether controls are effective and operating as intended. Ongoing monitoring occurs through routine managerial activities such as supervision, reconciliations, checklists, comparisons, performance evaluations, and status reports.
Monitoring may also occur through separate internal evaluations (e.g., internal audits/reviews) or from use of external sources (e.g., comparison to peer groups or industry standards, surveys, etc.).
Deficiencies found during monitoring need to be reported to those responsible for the function, with serious deficiencies being reported to top management.
5. Communication and Information
For a department to run and control its operations, it must have relevant, valid, reliable, and timely communications relating to internal and external events.
Managers must be able to obtain reliable information to make informed business decisions, determine their risks, and communicate policies and other important information to those who need it.
Take Control of Your Internal Controls
As you can see, there are many aspects of creating and monitoring your internal control systems. Consider having an outside advisor perform an internal control risk assessment for your company.
Source: Committee of Sponsoring Organizations (COSO) of the Treadway Commission and American Institute of CPAs (AICPA)
© 2022 SVA Certified Public Accountants