Difference between revisions of "Internal Control"

Revision as of 13:53, 10 April 2021

Internal Control is a process affected by an organization's governing board, management, administration, and personnel and is designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

effectiveness and efficiency of operations;
reliability of financial reporting; and
compliance with applicable laws and regulations.

This definition reflects certain fundamental concepts:

Internal control is a process. It is a means to an end, not an end in itself.
Internal control is affected by people. It involves not only policy manuals and forms, but also people functioning at every level of the organization.
Internal control is geared to the achievement of objectives in several overlapping categories.
Internal control can be expected to provide only reasonable assurance to an organization's leaders regarding achievement of operational, financial reporting, and compliance objectives.^[1]

Internal controls are one of the most essential elements within any organization. Internal controls are put in place to enable organizations to achieve their goals and missions. Management is responsible for the design, implementation, and maintenance of all internal controls, with the Board responsible for the overall oversight of the control environment. Strong internal controls allow for organizations to achieve three main objectives. These three objectives are: accurate and reliable financial reporting, compliance with laws and regulations, and effectiveness and efficiency of the organizations operations. In order to achieve these objectives an internal control framework needs to be applied and followed throughout the organization. The five components of the internal control framework are control environment, risk assessment, control activities, information and communication, and monitoring.^[2]

Components of Internal Control^[3]
The framework of a good internal control system includes:

Control environment: A sound control environment is created by management through communication, attitude and example. This includes a focus on integrity, a commitment to investigating discrepancies, diligence in designing systems and assigning responsibilities.
Risk Assessment: This involves identifying the areas in which the greatest threat or risk of inaccuracies or loss exist. To be most efficient, the greatest risks should receive the greatest amount of effort and level of control. For example, dollar amount or the nature of the transaction (for instance, those that involve cash) might be an indication of the related risk.
Monitoring and Reviewing: The system of internal control should be periodically reviewed by management. By performing a periodic assessment, management assures that internal control activities have not become obsolete or lost due to turnover or other factors. They should also be enhanced to remain sufficient for the current state of risks.
Information and communication: The availability of information and a clear and evident plan for communicating responsibilities and expectations is paramount to a good internal control system.
Control activities: These are the activities that occur within an internal control system.

source: Reliability First

Roles and Responsibilities in Internal Control^[4]
According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to affect control. Also, all personnel should be responsible for communicating upward problems in operations, non-compliance with the code of conduct, or other policy violations or illegal actions. Each major entity in corporate governance has a particular role to play:

Management: The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and implementing effective internal control. More than any other individual, the chief executive sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way they're controlling the business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise.
Board of directors: Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfil their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem.

Audit roles and responsibilities

Auditors: The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts. They assess whether the controls are properly designed, implemented and working effectively, and make recommendations on how to improve internal control. They may also review Information technology controls, which relate to the IT systems of the organization. To provide reasonable assurance that internal controls involved in the financial reporting process are effective, they are tested by the external auditor (the organization's public accountants), who are required to opine on the internal controls of the company and the reliability of its financial reporting.
Audit committee: The role and the responsibilities of the audit committee, in general terms, are to: (a) Discuss with management, internal and external auditors and major stakeholders the quality and adequacy of the organization’s internal controls system and risk management process, and their effectiveness and outcomes, and meet regularly and privately with the Director of Internal Audit; (b) Review and discuss with management and the external auditors and approve the audited financial statements of the organization and make a recommendation regarding inclusion of those financial statements in any public filing. Also review with management and the independent auditor the effect of regulatory and accounting initiatives as well as off-balance sheet issues in the organization’s financial statements; (c) Review and discuss with management the types of information to be disclosed and the types of presentations to be made with respect to the Company's earning press release and financial information and earnings guidance provided to analysts and rating agencies; (d) Confirm the scope of audits to be performed by the external and internal auditors, monitor progress and review results and review fees and expenses. Review significant findings or unsatisfactory internal audit reports, or audit problems or difficulties encountered by the external independent auditor. Monitor management's response to all audit findings; (e) Manage complaints concerning accounting, internal accounting controls or auditing matters; (f) Receive regular reports from the Chief Executive Officer, Chief Financial Officer and the Company's other Control Committees regarding deficiencies in the design or operation of internal controls and any fraud that involves management or other employees with a significant role in internal controls; and (g) Support management in resolving conflicts of interest. Monitor the adequacy of the organization’s internal controls and ensure that all fraud cases are acted upon.
Personnel benefits committee: The role and the responsibilities of the personnel benefits, in general terms, are to: (a) Approve and oversee administration of the Company's Executive Compensation Program; (b) Review and approve specific compensation matters for the Chief Executive Officer, Chief Operating Officer (if applicable), Chief Financial Officer, General Counsel, Senior Human Resources Officer, Treasurer, Director, Corporate Relations and Management, and Company Directors; (c) Review, as appropriate, any changes to compensation matters for the officers listed above with the Board; and (d)Review and monitor all human-resource related performance and compliance activities and reports, including the performance management system. They also ensure that benefit-related performance measures are properly used by the management of the organization.
Operating staff: All staff members should be responsible for reporting problems of operations, monitoring and improving their performance, and monitoring non-compliance with the corporate policies and various professional codes, or violations of policies, standards, practices and procedures. Their particular responsibilities should be documented in their individual personnel files. In performance management activities they take part in all compliance and performance data collection and processing activities as they are part of various organizational units and may also be responsible for various compliance and operational-related activities of the organization. Staff and junior managers may be involved in evaluating the controls within their own organizational unit using a control self-assessment.

↑ What Does Internal Control Mean? Michigan Tech
↑ What is the Objective of Internal Controls? Cerini & associates
↑ The Framework for Internal Control University of Washington
↑ Roles and Responsibilities in Internal Control Wikipedia

[1] What Does Internal Control Mean? Michigan Tech

[2] What is the Objective of Internal Controls? Cerini & associates

[3] The Framework for Internal Control University of Washington

[4] Roles and Responsibilities in Internal Control Wikipedia

[1]

[2]

[3]

[4]

@@ Line 21: / Line 21: @@
-[[File:Internal Control Framework.png|400px|Internal Control Framework]]<br />
+[[File:Internal Control Framework.png|300px|Internal Control Framework]]<br />
 source: [https://rfirst.org/KnowledgeCenter/Risk%20Analysis/InternalControls/Pages/InternalControls.aspx Reliability First]
+'''Roles and Responsibilities in Internal Control<ref>Roles and Responsibilities in Internal Control [https://en.wikipedia.org/wiki/Internal_control Wikipedia]</ref>'''<br />
+According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to affect control. Also, all personnel should be responsible for communicating upward problems in operations, non-compliance with the code of conduct, or other policy violations or illegal actions. Each major entity in corporate governance has a particular role to play:
+*Management: The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and implementing effective internal control. More than any other individual, the chief executive sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way they're controlling the business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise.
+*Board of directors: Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfil their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem.
+''Audit roles and responsibilities''<br />
+*Auditors: The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts. They assess whether the controls are properly designed, implemented and working effectively, and make recommendations on how to improve internal control. They may also review Information technology controls, which relate to the IT systems of the organization. To provide reasonable assurance that internal controls involved in the financial reporting process are effective, they are tested by the external auditor (the organization's public accountants), who are required to opine on the internal controls of the company and the reliability of its financial reporting.
+*Audit committee: The role and the responsibilities of the audit committee, in general terms, are to: (a) Discuss with management, internal and external auditors and major stakeholders the quality and adequacy of the organization’s internal controls system and risk management process, and their effectiveness and outcomes, and meet regularly and privately with the Director of Internal Audit; (b) Review and discuss with management and the external auditors and approve the audited financial statements of the organization and make a recommendation regarding inclusion of those financial statements in any public filing. Also review with management and the independent auditor the effect of regulatory and accounting initiatives as well as off-balance sheet issues in the organization’s financial statements; (c) Review and discuss with management the types of information to be disclosed and the types of presentations to be made with respect to the Company's earning press release and financial information and earnings guidance provided to analysts and rating agencies; (d) Confirm the scope of audits to be performed by the external and internal auditors, monitor progress and review results and review fees and expenses. Review significant findings or unsatisfactory internal audit reports, or audit problems or difficulties encountered by the external independent auditor. Monitor management's response to all audit findings; (e) Manage complaints concerning accounting, internal accounting controls or auditing matters; (f) Receive regular reports from the Chief Executive Officer, Chief Financial Officer and the Company's other Control Committees regarding deficiencies in the design or operation of internal controls and any fraud that involves management or other employees with a significant role in internal controls; and (g) Support management in resolving conflicts of interest. Monitor the adequacy of the organization’s internal controls and ensure that all fraud cases are acted upon.
+*Personnel benefits committee: The role and the responsibilities of the personnel benefits, in general terms, are to: (a) Approve and oversee administration of the Company's Executive Compensation Program; (b) Review and approve specific compensation matters for the Chief Executive Officer, Chief Operating Officer (if applicable), Chief Financial Officer, General Counsel, Senior Human Resources Officer, Treasurer, Director, Corporate Relations and Management, and Company Directors; (c) Review, as appropriate, any changes to compensation matters for the officers listed above with the Board; and (d)Review and monitor all human-resource related performance and compliance activities and reports, including the performance management system. They also ensure that benefit-related performance measures are properly used by the management of the organization.
+*Operating staff: All staff members should be responsible for reporting problems of operations, monitoring and improving their performance, and monitoring non-compliance with the corporate policies and various professional codes, or violations of policies, standards, practices and procedures. Their particular responsibilities should be documented in their individual personnel files. In performance management activities they take part in all compliance and performance data collection and processing activities as they are part of various organizational units and may also be responsible for various compliance and operational-related activities of the organization. Staff and junior managers may be involved in evaluating the controls within their own organizational unit using a control self-assessment.