Internal controls are systems to provide reasonable assurance of efficient operations, reliable financial statements, and compliance with laws.
Regarding internal controls, we need to comply with Sarbanes-Oxley. This law was enacted in 2002 and requires additional work and investigations surrounding the accuracy of financial reporting. It creates individual responsibility, forcing management to be individually responsible for the accuracy of their financial information.
This law was created to help prevent fraud and misconduct within the accounting industry.
Now that we've covered a brief background of internal controls, let's discuss the five key elements of internal controls.
The control environment can be defined in the employee handbook as well as in the annual statement of an organization.
Business risks can be internal as well as external.
There are several ways to perform risk assessments, such as through internal audit, fraud analysis, as well as employee training. We can identify items through internal audits and fraud analyses. We can review the results of the audit of that analysis, and we can respond by performing additional employee training.
Control activities also include proper documentation so that we have formal policies, and authorization procedures to regulate different authorizations for certain transactions.
The most important control activity is separation of duties.
EXAMPLEOne example is a bank reconciliation. The person preparing that bank reconciliation should not be the same person that makes the deposits or the same person that signs off on the review of that reconciliation. You would need to separate those duties among different people to help strengthen your controls.
Note, information and communication systems refers specifically to computerized systems. It is essentially all about the protection of our data--our sales data and customer data.
We as an organization could have very sensitive information about our customers, so we need to have certain controls and checkpoints for our information and communication systems to make sure that data is not compromised.
However, we can't stop there. Once we perform that audit, then we have to analyze the results of that audit. Were there any weaknesses? What are the strong points of our systems?
Monitoring process also includes a review of transactions, such as monetary transactions, returns of merchandise, and non-monetary customer emails.
Essentially, this element involves checking if we're following our procedures, referring to those things that we put in our control environment and making sure we're operating within those policies and procedures.
We perform bank reconciliations to ensure that our financial systems match the bank balance. Essentially, it's to have control over our cash--because cash is very important to any business.
The elements of our internal control that a bank reconciliation involves are:
Source: Adapted from Sophia instructor Evan McLaughlin.