Learn something new every day More Info... by email
Internal controls are a practice that has existed for hundreds of years, primarily pertaining to the way organizations manage and protect their internal operations or information. A common practice of these controls is to verify a company’s financial information and create a system of processes or activities to prohibit fraud and embezzlement. Business owners and managers are typically responsible for creating and implementing internal controls. Larger organizations and publicly held companies will most often have more controls than other companies.
Many times, internal controls fall into one of two groups: objective or activity. Each group describes controls that are similar in nature and attempt to protect financial information following specific practices. The objective categorization of controls includes principles that determine the existence, occurrence, completeness, valuation, and presentation or disclosure of financial information. These controls focus on the accounting aspect of financial data. National accounting rules and methods will dictate how companies record individual financial transactions in order for individuals to have a clear idea of the company’s financial performance.
Activity controls will govern the segregation of duties, record detention by departments, supervision of operations, authorization of employee activities, security of financial documents and customer information, physical safeguards, and management approval of completed work. These controls lend themselves to observational review by owners, directors, managers, and supervisors. Additionally, these controls may need adjustment as the company grows and expands. More locations or information will lead to increases in paperwork and accounting activity, which in turn means more controls.
Publicly held companies are common users of extensive internal controls due to government regulation. These regulations ensure that public companies will present accurate and transparent information to shareholders, who are the primary owners of publicly held companies. Governments may also adjust regulations frequently to make corrective measures from past control failures.
Audits help companies determine the effectiveness and efficiency of their internal controls. Audits — usually conducted by public accounting firms — will provide a third-party opinion on a company’s financial and operational controls. Auditors will ensure the company is compliant with external standards, employees are not subverting controls, and managers or supervisors have an active presence in the company’s operations.
Companies may also find through audits that their controls are too restrictive for business operations. Controls can severely hamper how an employee completes a task by requiring management approval or a second employee who must complete a portion of the task. These problems will decrease productivity while increasing the downtime of employees, essentially forcing the company to pay for an employee’s inactivity.
Are government agencies held to the same SOX compliance as private sector companies? Namely the Postal Service.
If an outdated form is accepted from a customer is that an egregious SOX violation?