One of my favorite aspects of being a financial professional is knowing that others on the management team and in my organization are relying on me. I am expected to handle key functions within the business, and if I do my job well I can contribute integrally to the organization’s success. This can provide a constant sense of urgency but also a rewarding feel of satisfaction and significance.
Among the not so glamorous yet important features of an organization’s structure are internal controls. Accountants are expected to implement sound measures to safeguard assets and reasonably ensure that management’s objectives are achieved toward effective operations, reliable financial reporting, and legal and regulatory compliance.
Even if this sounds boring, take consolation in the fact that your organization’s survival and success depends on it.
The Committee of Sponsoring Organizations (COSO) first released its Internal Control-Integrated Framework in 1992. This document defined internal control and provided accompanying standards. Over twenty years later the framework is still highly relevant.
In May of 2013 changes were made that kept the core intact and added, among other things, seventeen principles to help with implementation of the framework in light of changes over the years. A recent article in The CPA Journal discusses these seventeen principles as organized under the five categories of internal control within the COSO framework.
1) Commit to integrity and ethical values – this largely entails setting an effective “tone at the top.”
2) The independent Board of Directors should oversee internal control – among other things, objectively evaluate managers and ask appropriate questions.
3) Establish appropriate authority, responsibility, and reporting structures.
4) Attract, develop, and retain the right talent to achieve objectives.
5) Hold employees individually accountable for fulfilling organizational objectives.
6) Be able to identify and assess risks by having first formulated objectives with sufficient clarity.
7) Identify and analyze risks throughout the organization to determine how they should be managed – choose whether to accept, avoid, reduce, or share risks.
8) Consider potential fraud risks, including misappropriation of assets and alteration of records, that could deter the organization from achieving its objectives.
9) Be ready for changes, including within the external environment, business model, or leadership, that could impact the internal control system.
10) Mitigate risks to acceptable levels by choosing and implementing appropriate control activities.
11) Technology is a special category of importance for implementing control activities that help enable the organization to achieve management’s objectives.
12) Policies establish expectations and procedures put these policies into action in order to deploy control activities.
- Information & Communication
13) Support internal control functions with relevant and timely information – capture data, transform it into information, and protect its availability and accessibility to appropriate parties.
14) Communicate internally regarding internal control objectives and responsibilities.
15) Communicate with appropriate external parties regarding internal control, carefully considering the timing, audience, and nature of the communication.
16) Have ongoing evaluations to determine whether internal controls are working effectively.
17) Communicate internal control deficiencies to senior management and the board of directors so that they can timely take corrective action.
In short, internal controls help management set a proper tone, define organizational objectives, and run the business effectively. A leadership-oriented financial professional who wants to be indispensably valuable within an organization should study and understand how to effectively choose, implement, and monitor internal controls on an ongoing basis.