Transcript

Slide 2

COSO’s definition of internal controls is … “A process, effected by an entity's
board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.”

Slide 3

An internal control structure is essentially safeguards in the form of policies and procedures established by management to provide reasonable assurance that the objectives of the organization is met. This structure is internal to the organization and is designed, implemented and monitored by management. It is important that you take note here. Internal Controls are management’s responsibility and not the auditor or the SEC.

Slide 4

There are five basic categories of internal controls:
Accurate accounting records
Safeguard of assets
Effective and Efficient Operations
Management Policies
Compliance with applicable laws and regulations
Accounting records must be based upon reliable and verifiable information. People are making big dollar decisions based upon that information and they are relying upon it to be correct. In order for a business to continue doing business they must have access to their assets or resources such as cash, equipment, reputation, etc. Good internal controls protect those assets from theft and damage. Internal controls are also important in optimizing operations by reducing duplication of effort or waste. These controls also must be effective at ensuring management policies and procedures are followed.

Slide 5

And finally internal controls are important in ensuring that employees and managers follow all applicable laws and regulations. One such law is the Foreign Corrupt Practices Act of 1977. This act requires publicly traded companies to keep accurate records and have an adequate system of internal controls.

Slide 6

Now that we have looked at the basic categories of internal control lets look at the five basic components.
Control Environment
Risk Assessment
Control activities
Information and communication
Monitoring

Slide 7

This slide shows the control environment as an umbrella that protects the other four components. With out a solid control environment the other components of internal control are either severely weakened or completely eliminated.

Slide 8

So what is the control environment? The control environment is essentially the overall attitude of top management. You can say management sets the stage with their actions, policies and procedures. They set a tone for the rest of the organization. The control environment is the soul of management’s philosophy and operating style. We refer to this as the “tone at the top”. Essentially if management is secretive and underhanded with how they treat employees and customers, you can be sure that the entire organization reflects that thinking. However, an organization whose top management stresses the importance of integrity and transparency and sets a good example for their subordinates will have an organization that displays these qualities.

Slide 9

A good control environment has a clear organizational structure. Good organizational structures show clear lines of authority and responsibility. When everyone knows what they are responsible and accountable for the organization runs much smoother. There is also a commitment to competence. Organizations that hire individuals with little to no experience into key control positions such as safety officer and internal auditor are demonstrating that they have little regard for the importance of the position. In fact it suggests a desire to weaken the position.

Another important characteristic of a good control environment is the existence of an audit committee. More specifically the existence of an audit committee who is comprised of individuals external to the organization.

And of course we can’t forget integrity and strong ethical values. Although this goes without saying…management needs not only to behave with integrity and ethical values they should also reiterate to their subordinates the importance of integrity and sound ethical values.

Slide 10

The next component on our list is risk assessment. It is important that management routinely assess their organization for possible risks that could sink or cripple the organization. Once risks are identified they can be minimized or eliminated. You yourself conduct risk assessment everyday. For instance when you look both ways before crossing the street you are essentially assessing whether there is a risk of being run over should you cross the street at this point in time.

Slide 11

The next component on our list is control activities or policies and procedures designed and implemented by top management. You can break control activities down into five categories.
Segregation of duties
o This is where authorization, recording and physical control of assets are divided amongst different individuals so that no one person controls two or more of these duties for a given asset.
o For instance, one person should open the mail and separate out the checks, another should record the checks and another person should make the deposit. Good segregation of duties reduces potential theft of the checks.
Proper procedures for authorization
o This outlines clearly who has the authority to make certain decisions
o For instance, clear procedures for credit approval
Adequate documents and records
o It is important that complete documentation is maintained to support transaction records.
o For instance, invoices with clear and understandable information need to be available to support a claim against the organizations assets or resources. In other words someone with little to no previous knowledge about the transaction should be able to look at the supporting documentation and be able to understand the transaction and its business purpose. What do I mean by business purpose? I mean that the use of the resources are important and necessary to the operations of the company.
Physical control over assets and records
o Essentially this category has to do with securing resources so that they are available for future use.
o For instance, a safe or vault secures cash from theft so that it can be available for use by the company tomorrow and the next day after that, etc.
Finally Independent checks on performance
o To ensure that all the controls that have been designed and implemented are actually functioning as designed…someone needs to check or monitor these controls.
o For instance, managers need to check employees work for completeness and accuracy.

Slide 12

The second to last component is information and communication. The dissemination of general and critical information is essential to the well being of an organization. In order for a company to react to immediate opportunities and threats there needs to be a reliable system that can quickly communicate information to the appropriate people.

As with general information, an entity’s accounting information and communication system must be able to identify, assemble, classify, analyze, record, and report the entity’s transactions to the decision makers. These decision makers need confidence in this system in order to make the best decisions for the organization.

Slide 13

Good accounting information and Communication systems have seven control objectives
1. the information can be validated
2. transaction authorization is complete
3. the elements of the transaction are complete…for instance all source documents are available to support the transaction
4. classification follows the organizations guidelines
5. the information is timely for any relevant decisions
6. the information has correct valuation
7. and finally the information is posted and summarized into useful reports

Slide 14

The final component of internal controls is monitoring. Management needs to regularly check internal controls to assure themselves that the controls are still functioning as designed. It is also important that internal controls are routinely evaluated and modified as appropriate for changes in business conditions.