Internal Controls – The Control Environment
In our first article, we discussed the reasons to love internal controls and indicated that many organizations use the core components of the framework developed by The Committee of Sponsoring Organizations of the Treadway Commission (COSO) when developing and implementing internal controls (ICs) that are right-sized to them. In this article, we’ll focus on the first of the five components.
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring Activities
The control environment (CE) is the underpinning of the other core components and is the foundation ICs are built on. It sets the tone for the organization and provides the structure and discipline necessary for employees to conduct their job functions and carry-out their control responsibilities. The goal of the CE is to achieve the entity’s strategic objectives, provide reliable financial reporting to internal and external users, operate the business efficiently and effectively, comply with applicable laws and regulations, and safeguarding assets.
- Integrity and ethical values, aka “Tone at the Top”
- Management sets an ethical climate that fosters honesty and integrity through their actions, code of conduct, whistleblower policy, etc.
- Participation by those charged with governance
- The Board of Directors provides direction, attention, and oversight strategic decisions, formal policies, bylaws, etc.
- Management’s philosophy and operating style
- Views regarding managing business risks, including financial, operating and compliance risks, are appropriately reflected in policies and procedures
- Appropriate attitudes towards financial reporting are reflected in the related policies and procedures
- Commitment to competence
- The organization hires and retains competent employees to carry-out tasks and provides appropriate internal or external training and evaluations
- Organizational structure
- The organization structure is properly designed and documented in organizational charts, job descriptions and appropriate lines of reporting are put in place
- Assignment of authority and responsibility
- Appropriate levels of authority and responsibility are assigned to qualified and experienced individuals, which provides a basis for accountability
- Human resources policies and practices
- Expectations regarding behavior, competence, and integrity are established in policies and procedures to be used during hiring, orientation, compensation, promotion, evaluation and remedial actions
ICs are essential for a successful business. Having the right attitude, awareness, and actions are the keys to success.
Our next article will cover the second core component, Risk Assessment.