Internal Controls

Finance & Accounting Services

Internal Controls

Preventing operating losses, fines, litigation, errors and unnecessary risk exposure.

Internal Controls Definition

Broadly defined, internal controls are those functions within accounting and auditing that involve all of the rules, procedures and systems implemented by a company to assure operational effectiveness, reliability of financial information, compliance with laws, regulations and policies, and the protection of resources, including both physical assets and intellectual property.

There are a number of definitions of internal controls but they fall into these categories:

Application of Internal Controls

Authorization & Approvals

Do people making decisions have the proper authorization to do so? For instance, for purchases exceeding a set amount — $5,000 — must a Controller or CFO or Treasurer review and authorize such a purchase. The company may instruct their purchasers or banks not to honor any such purchase if a check does not bear their signature.

Check Co-Signers

A control for a business may be that checks should be co-signed by authorized officials for anything exceeding a set amount.

Bank Reconciliations

Bank reconciliations compare bank statements to general ledger entries.  The purpose is to reconcile and correct any errors, unforeseen fees or fraudulent entries.

Employee Reimbursements

Employee expenditures, travel, entertainment and credit care policies are a form of control.  For example, all travel may need to be pre-approved by a supervisor

Why are internal controls important?

Protect Investors from Fraud

The emphasis on internal controls grew out of the need to protect investors from fraudulent accounting activities. The Sarbanes-Oxley Act of 2002 was created in part to make managers responsible for financial reporting by creating a step-by-step record of how accounting data can be traced. This is commonly referred to as an “audit trail.” The audit trail is useful to affirm — or possibly call into question –the veracity of an accounting entry, source of funds, validity of revenue and expenses booked, and sources of funds or cash.

The threat of Boards and executives who don’t comply being subject to criminal penalty is a motivating factor for strong internal controls.

Passing the Auditors’ Tests

All companies, both private and public conduct audits. An audit is an unbiased examination of the organization’s financial statements and the underlying accounting therein. The audit is typically overseen by an Audit Committee.  A “clean” or unqualified audit is one that is free from material misstatements or non-compliance. Auditors conduct tests of internal controls for the risk, control activities, information and monitoring of processes and procedures for integrity and supporting documentation.

Operational Performance

Access to real-time processes and performance measurements means you can quickly remediate errors, gaps, mistakes and problems. Entities will also be able to make smarter decisions promptly and safeguard against legal exposure.

Types of Internal Controls

Financial Reporting & Disclosure

This involves the scope, design, adequacy and effectiveness of internal control over financial reporting and the company’s disclosure controls and procedures.

Items evaluated include the accuracy, timeliness and thoroughness of the company’s financial information, including accounting records and transactions.

Some applications would include monthly close procedures, co-signing checks and bank reconciliations.

Other examples might include how the company ensures its payments to third parties for services rendered are valid.

Reports may be created to test the design of controls and the operating effectiveness of controls.

Risk Assessment

Items reviewed under the risk umbrella can include information security, competition, and regulation.

Tests may be conducted related to a Company’s investments, cash management and foreign exchange management, and the adequacy of the Company’s information security policies. For example, what are the steps taken by management to monitor and mitigate these exposures and to identify future risks?

Trust Services Principles

For certain services that deal with confidential information or services agreements in health care or software, for example, there are the so-called “trust services principles.”

These include security, confidentiality, availability, process integrity and privacy. Here’s a quick summation of each.

  • SECURITY – Addresses if the platform or system is protected (both physically and logically) against unauthorized access.

  • CONFIDENTIALITY – This has much to do with information, in particular, How you use customer information, Who has access to it, and How you protect it. Also, is the company following its contractual obligations to protect client information?

  • AVAILABILITY – Are systems up and running as agreed? Also, are you providing colocation, data center, or hosting services to clients?

  • PROCESS INTEGRITY – Particularly for financial services or e-commerce, are your services provided in a complete, accurate and timely manner? Are you ensuring, for example, that transactions are fulfilled? How?

  • PRIVACY – Different from confidentiality, this deals more with how you collect customer information, especially personal information, and is it in line with what your committed and agreed to?

Schedule a 15-minute call today

Our Team

Kumar Ampapathini

Partner

Pamela Banks

Director

Dan Benetz

Partner

Rajiv Bhagat

Partner

Peter Biro

Partner

Michael Boudreau

Partner

Kerry Byler

Partner

Michelle Carlton

Senior Director

Mike Casey

Practice Managing Partner

Frank Connolly

Partner

Jim Corr

Regional Managing Partner

Ben de la Cretaz

Partner

Kent Elmer

Managing Partner

Emmett Ferri

Partner

Eric Froistad

Principal

Mark Gagne

Partner

Ron Giaquinto

Partner

Joshua Goldstein

Principal

Keith Heffron

Partner

Dennis Hunt

Principal

James Jackson

Principal

Joe Jessup

Partner

Chris Joe

Partner

Joe Johnston

Partner

Dale Kirkland

Partner

Matthew Klaiber

Senior Director

Greg Klebon

Principal

Kristin Koepenick

Principal

Michael Levine

Partner

Jim McClintock

Principal

Mike McEachern

Partner

Maura McInerney

Partner

Joseph Migliozzi

Partner

Hunter Morhous

Principal

Tom Morton

Partner

Martha Parker

Partner

Viraj Parikh

Regional Managing Partner

Lori Parro

Partner

Barry Pincus

Partner

Brian Rauls

Partner

Sharon Reese

Partner

Karen Reynolds

Partner

Paul Sansone

Regional Managing Partner

Jason Scherr

Partner

Debbie Schleicher

Partner

Allison Somerset

Director

Morris Stemp

Partner

Ted Stone

Regional Managing Partner

Roberto Trevino

Principal

Cristian G. Valbuena

Director

Michael Weinstein

Partner

Mark Zadell

Partner

Related services

Insights

Essential Tech Due Diligence Skills: Reasons to Avoid the ‘We’ve Got a Guy’ Shortcut

09/17/2024
Read More

Technical Due Diligence: Benefits, Process, & How-to Checklist

09/10/2024
Read More
techcxo-inc-5000

TechCXO Returns to Inc 5000 List

08/28/2024
Read More

Questions?
Call Us or Email

If you’ve never outsourced or used executives on demand before, you’re sure to have a lot of questions. Don’t worry, we’re more than happy to answer them all.

And we know everything there is to know about this unique model. Schedule a call with us or send an email now.

Email us for more information

Name(Required)