What are some of the main purposes of strengthening a company’s internal controls over financial reporting? One is to set up a defense to minimize the risk of a material misstatement to the financial statements. Another is to put up a barrier against the temptation to commit fraud. Companies that are going public or newly public are required to enhance and attest to their internal controls under the Sarbanes-Oxley Act, and there are real compelling reasons to do get this done right. As companies start the process or review the state of their SOX compliance efforts, they will want to focus on their key internal accounting controls.
What Are Key Internal Controls?
Internal controls are the systems and processes your company has in place as a protective blockade against mishaps and fraudulent activity that could lead to the need to restate your financial statements. How equipped is the company to detect and quickly respond to errors? And how can your company prevent or minimize the risk of fraud? Your company, with the help of SOX experts, can identify your key controls as a way to mitigate such risks and help you identify problems swiftly. The process of identifying what exactly is a key control can be customized to the unique situation of the company.
At first, after the passage of Sarbanes-Oxley and its internal control provision, known as SOX 404, companies went overboard in trying to meet the compliance requirements and anticipating their external auditor’s expectations for the internal control audits. A big lesson learned since then, from the overwhelming early days of SOX 404 compliance, was that companies should focus on their key internal controls—the internal controls that matter. After all, every company is different and has its own way of doing things.
The Internal Control—Integrated Framework from COSO (Committee of Sponsoring Organizations of the Treadway Commission) lists the five components of internal controls:
- Control environment: The set of standards, processes and structures underlying internal controls. This includes management’s tone at the top.
- Risk assessment: Companies need to identify key risks to the effectiveness of their internal controls and evaluate how they manage those risks.
- Control activities: Companies adopt activities to mitigate the risks defined above; these include segregation of duties and account reconciliations.
- Information and communication: Companies need information coming in and going out, as they need to know about risks to the business and also need to convey throughout the company and to outside interested parties that they take internal controls over financial reporting seriously.
- Monitoring: Companies are expected to test and evaluate their controls. For objectivity’s sake and to prepare for an auditor review, this can be done by SOX experts.
Examples of Internal Controls in Accounting
Internal controls in accounting are often designed to identify and prevent errors and minimize fraud risk. They clarify who is responsible for what, while ensuring accountability, reliable financial reporting, and optimal efficiencies among the finance and accounting team. In other words, internal controls can put layers into place that help to ensure a mistake is caught or not made in the first place. Processes and systems that have not kept up with the growth of the company can have a detrimental effect on a company’s SOX compliance risk, and the integrity of its financial data. Segregation of duties in accounting is an example of an internal control that most companies adopt for many processes.
Why Is Separation of Duties Required?
Segregation of duties (sometimes referred to as separation of duties) is one of several crucial internal accounting controls. It is long ingrained in mature finance teams but may not be inherent in the very early days of a company with very few employees. It’s the agreement that more than one person is responsible for a particular task. It keeps everyone responsible in check, while protecting the accuracy of financial statements and company assets. Consider the simplest of examples: One employee processes the checks that come into the office while another records what is received, or an employee needs a manager’s approval to make a payment. Finance and accounting experts can help you ensure that this internal control is covered, through systems that make delegation and access management seamless.
The Importance of Internal Controls
Is it time to assess the internal controls that matter most to how your company operates, to mitigate the risk of a restatement and to see if your SOX compliance program is efficiently run? Companies preparing for Sarbanes-Oxley compliance and even SOX veterans could benefit from an assessment of the processes and documentation practices underlying their financial reporting. SOX experts identify the gaps and inefficiencies and provide solutions that work for your company’s exact needs.