In 2002, when Congress mandated publically-traded businesses pay more attention to their internal controls, many business owners believed this was not only unnecessary, it was a profound waste of money. In the intervening years, many detractors have concluded that not only is an emphasis on internal controls good business, it’s also indispensable to maximize profits.
The objectives of a properly designed control environment include: (1) to promote operational efficiency and effectiveness, (2) to facilitate timely and accurate financial reports, (3) to safeguard Company assets and (4) ensure compliance with relevant laws and regulations. In today’s economy, failure to properly address the financial risks associated with each of these objectives could very well push a Company out of business.
These objectives are realized through defining objectives for the Company as a whole, key business units within the Company, and specific processes within those business units. Once objectives are established, the risks to achieving those objectives are identified, and strategies to mitigate or manage risks are developed. In essence, management determines what could go wrong with the business in general and the accounting function in particular, and then designs various procedures to address those risks- typically addressed by implementing a mix of preventative and detective internal controls.
How Controls Address Risk
Preventative Controls Prevent Material Risk From Occurring. Examples Include:
- Segregating the ability to enter into a transaction from the ability to account for it or possess custody of the cash associated with it.
- Performing background and credit checks upon employees in sensitive business areas.
- Establishing, communicating, and reinforcing a culture of ethics.
Detective Controls Identify If Material Risk Has Occurred. Examples Include:
- Reviewing the bank statement and corresponding bank reconciliation in detail for usual adjustments, transactions, or conditions.
- Reviewing and approving supporting documents for each material disbursement.
- Scrutinizing payroll reports for unauthorized pay increases, bonuses, or unknown employees.
For those unaccustomed to thinking in these terms, designing and implementing a proper set of internal controls can be a daunting exercise; but it is familiar territory for a CPA. Should you have any concerns about whether your controls are suitably designed to achieve the above objectives, we would welcome the opportunity to assess the current control environment and recommend cost-effective solutions to any significant deficiencies that may exist.