Internal Control Essay Sample
- Word count: 789
- Category: audit
Get Full Essay
Get access to this section to get all help you need with your essay and educational issues.Get Access
Internal Control Essay Sample
A requirement is important to know that all publicly traded U.S. corporations are required to maintain an adequate system of internal controls and procedures for financial reporting in accordance with the Sarbanes-Oxley Act Section 404. It is the responsibility of your executives to ensure there are dependable and effective controls in place, and auditors from outside the company must prove to the adequacy of the internal control systems as well. This information must be recorded in an internal control report each fiscal year as a part of the annual Exchange Act report. The intention of this act is to reduce the possibilities of corporate fraud by mandating specific procedures for financial reporting. It is recommended that your company adopt the framework defined by the Committee of Sponsoring Organizations of the Tread way Commission (COSO) in order to comply with the SOX Act. The first of five components of this framework is to create the control environment. This refers to the implication that management places on a company’s risk management and accountability processes and how they foster an environment of compliance with the company’s internal control systems.
Next, you should conduct a risk assessment which is the process of identifying potential threats to legal, financial or overall operational security. Control activities are another component, which includes the actions taken by a company through policies, proceedings and best practices to keep assessed risks to a minimum. Information and communication methods should be used to inform and educate your employees on all of the control activities such as distributing employee handbooks and posting information on bulletin boards. The last section should be to conduct self-inspections in order to monitor the effectiveness of control activities. In assessing your current level of internal controls, there are some good practices as well as areas that need trivial improvement. First, your accountant is practicing good physical control in regards to keeping checks in the safe; however leaving them on his desk is not a good practice. Checks should be secured at all times until they are distributed to the intended parties.
You should consider requiring all employees to receive paychecks through direct deposit. The switch to pre-numbered invoices is a good decision and I would also advise the purchase of the indelible ink machine. This allows for a good physical control in regards to expenditure and will aid in preventing check fraud. Another control that needs to be recognized is the management of petty cash. There is no way to determine whether the funds are being stolen or mismanaged. It is operating by a complete honor system which leaves the fund vulnerable to theft. In addition to the suggested cash expenditure and physical control improvements, there are personnel controls that should be implemented. If your staff may be lean, it is still best to separate duties for a better system of responsibility. Your accountant’s duties should be separated so that he/she is not solely accountable for the entire accounting process, even if it means management may have to take on other roles. One critical human resource control that can help avoid hiring distrustful employees is to conduct background checks prior to hiring someone.
This would have saved time and money with the employee that was discovered viewing inappropriate materials on company computers. Background checks only unveil previous issues with an individual; there should also be controls in place so that even if a background check is clear, employees will be prohibited from misusing company funds and equipment. For instance all computers in your company have open access and there is no way to record or report exactly which employee used a certain computer, the length of time or the specific content viewed. I suggest you execute computer controls such as firewall restrictions blocking certain types of websites that are inappropriate to conducting company business, assigning user names and passwords to grant access or installing common access card readers where employees can only access the company computers and networks through a separate programmed card with an electronic code implanted.
In summary, there are requirements your company will have to meet should it go public, which will include internal control policies as regulated by law. There good practices currently in place, however there needs to be considerable improvement in regards to certain physical and human resources controls as well as separation of duties. Finally, it’s important to consider that the benefits should exceed the costs needed to execute an effective internal control program and that preventive measures could be less costly than having to correct an error or recover from a loss. Detecting losses early and correcting these errors aids in reducing future risks of the same kind.