Join the Jindal School Community!


The Who, What, How and Why of Internal Controls

read ( words)

Who is responsible for internal controls?
What are internal controls?
How can I operate efficiently?
Why are internal controls of value?

The objective of internal controls is to safeguard your assets and to properly present financial statements in accordance with Generally Accepted Accounting Principles (GAAP).

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), “internal control is a process effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.” The effective utilization of controls will strengthen customer service, improve compliance, potentially increase profits and eliminate via social media any misunderstandings of your organization.

Internal Controls also are important because they are instrumental in:

  • Managing revenues;
  • Controlling expenses;
  • Managing assets and asset purchases.

Who is responsible for internal controls?

Everyone in the organization is responsible for controls. Period. End of story!! Yes, this is an ethical issue.

The area to implement internal controls is the Internal Audit Department and/or the Accounting Area. If you have more than 350 employees in your organization, you should have an Accounting Department and an Internal Audit Department. Note, the Internal Audit Department should report to the board of directors.

What are internal controls?

Internal controls are a process by an organization’s board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives, such as:

  • Effectiveness and efficiency of operations;
  • Reliability of reporting;
  • Compliance with applicable rules, laws, and regulations;
  • Strategic planning.

Internal control components include:

  • Control Environment (Tone from the top),
  • Risk Assessment (Identifying risks and analyzing objectives),
  • Control Activities (Developing policies and procedures),
  • Information and Communication (relevant, accurate and timely), and
  • Monitoring (Evaluations).

In my opinion the most important are Control Environment and Control Activities because they address the following:

  • Management’s role in political, social and economic issues;
  • Segregation of responsibilities to create a system of checks and balances;
  • A system of authorization and record procedures adequate to provide reasonable accounting control over assets, liabilities, revenues and expenditures;
  • Development of policies and procedures for prescribing and documenting the business and control processes. This should consist of a well-thought-out strategy and be reviewed and adjusted periodically to reflect changes in the business and control environment.

See COSO Cube below:

How can I operate efficiently?

There is no perfect answer to this question, and there is no one control that fits all. Every organization is different. Hiring skilled, honest and trained people who are motivated to succeed should increase operating efficiency and controls. The tone from the top and proper lines of communications are important to succeed as an organization grows and matures.

With technology changing daily, and with changes in regulatory compliance requirements, it is useful to review the various processes from time to time. One constantly should be asking why the tasks are performed, who does them and does this increase the bottom line. Benchmarking your organization on how to improve efficiency always helps.

Employees always have concerns, and we should keep in mind such things as pay raises, competition and staff turnover. Being transparent at all levels of the organization will increase operating efficiency and improve profits. Specific senior individuals such as vice presidents should independently perform reviews and ask why various tasks are performed and is there a better way!

Why are internal controls of value?

Strong internal controls eliminate the possibility of fraud. Fraud is the intent to deceive a third party (most likely for financial reasons). Anyone can commit a fraud and those who do try to blend in like everyone else. To commit a fraud, you need to be a PRO:

P = PRESSURE — usually financial and greed issues;

R = RATIONALIZATION — my colleague has it and why not me;

O = OPPORTUNITY — I will not get caught; I am too smart.

Remember, EVERYONE is involved with the internal control system, which will enhance our mission, strategy, customer service and profits.

John Barden is a clinical professor and director of the BS in Accounting Program at the Naveen Jindal School of Management.

John Barden

John Barden

John Barden is a clinical professor and director of the BS in Accounting Program at the Naveen Jindal School of Management. Read more articles

Subscribe to JSOM Perspectives, one stop shop for everything you want to know about JSOM

Subscribe to receive our freshest post in your inbox every two weeks!