BLI Site MapWorkshops CatalogServicesAbout BLIHome Page

Internal Control Implementation

Overview :

Today, probably more than ever, everyone in the corporate community is aware of the need for improvement in corporate governance. ‹ Considerable activity has been generated in this area with the enactment of the Sarbanes Oxley Act on July 30, 2002.

One of the most significant parts of the act is Title IV Enhanced Financial Disclosures and in particular Section 404 Management Assessment of Internal Controls which requires the following:

  • Annual Report must contain internal control report which shall:
    • State responsibility of management for adequate internal control structure and procedures
    • Contain assessment of the effectiveness of the internal control structure and procedures
  • Registered public accounting firms must attest to and report on the assessment made by the company
As a consequence, many companies are reviewing and updating their control practices and procedures. Once the practices and procedures have been updated, training of everyone involved must be accomplished. If any one factor is most critical to the successful implementation of a control model, it is that everyone involved must understand internal control. Effective training depends heavily on how concepts are phrased and concrete examples and exercises make the concepts real to participants.

This is where Bradley Lambert Inc. (BLI) can help.

BLI, a leader in corporate governance training and consulting, puts powerful, unique tools to work on internal controls training and improvement. Working together, BLI collaborates with its client to make sure they develop a training program consistent with the client?s internal control objectives. Initiatives implemented by BLI clients included operating policies such as ethics hotlines, and accounting policies such as consultation requirements for complex and sensitive accounting matters, revenue recognition alternatives and capital acquisition alternatives and benefits. BLI encourages its clients to concentrate its training on initiatives that will reduce the incidence of financial fraud, focus on quality and guard the interests of investors.

Examples of BLI's efforts have been demonstrated in their clients completing successful audits, which saved money by avoiding repeat audits and reducing business risk.

The following will provide the reader with more detailed information on the BLI approach to assisting its clients in improvements in internal controls. BLI can do the training, train your trainers and help you improve your policies and procedures. For a free consultation or more detailed information please contact BradleyLambert, Inc.

The Bradley Lambert Inc. Training Program

BLI works with its clients to deliver the BLI standard internal control training program or to deliver a company-specific customized version designed to communicate the definition of the internal control process and the importance of internal control to company executives, employees, Board of Directors, etc. The purpose of this training program is to help managers understand and assess the risks in major fiscal/business processes they are overseeing in their departments. Business officer roles and responsibilities within the context of managing operations, risks, and internal controls will be discussed. In addition, business officer role developments resulting from the implementation of the Sarbanes-Oxley will be discussed. Various financial review techniques and tools within the company will be presented. The management discretion attribute of financial reporting (e.g. revenue recognition, economic leverage, expenditures treated as expensed or as assets, expensing stock options or not, and management integrity) will be described. ‹ These example accounting areas are most importance to understand in order to reduce excessive or abusive bias.

  • As a result of this session, you will be able to:
    • Understand risk management
    • Develop methods to manage those risks using internal controls
    • Understand what are internal controls
    • Determine what are strong and weak controls; how are they assessed
    • Analyze and evaluate financial, operational, and compliance issues
    • Identify activities to diminish the potential for excessive bias in financial reporting
    • Locate on the Web the US financial standards organizations and professional associations
    • Won't be afraid to speak up when some accounting or business issue should be questioned
  • Length: 4 hours
  • Target Group: Management, Administrative and Financial personnel
  • Instructors: Marsha Carter, Director, Business Development, Hughes Electronics, retired; Marion Martelli, CMA and CFO, Moringstar Group Western Division, retired

Internal Control Process

Most companies have defined a process to ensure internal control. A comprehensive internal control process will be capable of deterring fraud, and preventing, detecting, and correcting problems based on an overall assessment of risk and exposure.

The Committee of Sponsoring Organization (COSO) model developed by the American Institute of Certified Public Accountants, the American Accounting Association, the Financial Executives Institute, the Institute of Internal Auditors, and the Institute of Management Accountants has been adopted as the generally accepted framework for internal control by entities representing all sectors of business and government. The COSO model is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems in internal control.

The COSO model defines internal control as any process or action designed to reduce risk and give reasonable assurance that:
  • Operations are effective and efficient
  • Financial and operational reports are reliable
  • Compliance with applicable laws, regulations and company policies and procedures has been achieved
  • Any errors are detected in a timely manner
The Bradley Lambert training program has been designed within the context of the COSO model. An effective internal control process consists of the five components: vision, policies and procedures, communication, risk assessment and monitoring.
  • A Corporate vision that promotes a control environment culture of accountability, responsibility and ethics and influences the ?control consciousnessî of its employees. ‹ Administrative officials establish a local control environment for their departments.Ý Control environment factors include: ethical values, competence of the employees, leadership philosophy and operating style, and the way management assigns authority and responsibility. The control environment forms the foundation for the other control components and provides discipline and structure to the organization.
A risk assessment that identifies circumstances that may impede the ability of a department, a project, or the company to achieve its objectives.Ý The assessment process analyzes the procedures currently in place, which are designed to mitigate the identified risks, and determines the residual exposure that the department, project, or company, has with respect to the risks.Ý Risks with unacceptable exposure levels will require additional control procedures; risks with very low exposure levels might be effectively controlled with fewer procedures. Costs associated with control processes should not exceed expected benefits. Policies and procedures that are designed to ensure that management directives are carried out.Ý Policies and procedures occur throughout the institution, at all levels and in all functions.Ý They can be either administrative or financial in nature.Ý They can range from an authorization signature to a lock on a door or a disaster plan. ‹ Documenting policies and procedures and making them accessible to employees helps provide day-to-day guidance to staff and will promote continuity of activities in the event of prolonged employee absences or turnover.
  • A communication process to ensure that employees have quality and adequate information to effectively discharge their responsibilities, and be transmitted to the right people at the appropriate time.Ý Training employees to be more effective in their current positions and educating them for future positions is a vital form of a communication process.Ý Employees are provided with an appropriate level of direction and supervision and are aware of the proper channels for reporting suspected improprieties.
  • A monitoring process that assesses the performance quality of the department, project or company-wide process over time. However, it is crucial that the probability of detection of management misdeeds be high. This monitoring process is accomplished through ongoing and continuous improvement activities such as:
  • Reviews of operating and financial reports - Costs and expenses are monitored and controlled. Comparisons of actual expenses to budgeted amounts are performed on a regular basis, and all significant variances are researched. Routine examination and reconciliation of transaction records to official company records is required to verify the accuracy of the records, the appropriateness of the transactions, and their compliance with policy.
  • Comparisons of data to physical assets - Equipment, inventories, cash, and other property are secured physically, counted periodically, and compared with amounts shown on control records.
  • Checks on the separation of duties - The objective is to ensure that duties (roles) are assigned to individuals in a manner so that no one individual can control a process from start to finish.Ý Financial responsibilities are divided between different people to assure a single person does not perform every aspect of a financial transaction.Ý Segregating responsibilities can reduce errors and prevent or detect inappropriate transactions.
  • Reviews of authorization procedures - Transactions are authorized by a person delegated with approval authority when the transactions are consistent with policy and funds are available.
  • Awareness of common control weaknesses that have been found in prior company audits - Being aware of these risks and related controls can help an administrative official to carry out his or her responsibilities for financial management.
  • Monitoring can also be accomplished through separate evaluations such as internal and external audits. ‹ If a third party monitors or conducts an internal control audit, knowledge gained about control processes may not remain within the organization whose control processes are evaluated.
  • Responsibilities - It is the responsibility of the board of directors to ensure there is a reliable process to identify significant risks to corporate business objectives, establish accountability and compliance in risk management ensure up-to-date written risk management policies and procedures, and guarantee to shareholders that a sound internal controls system is in place to manage risks. ‹ Management is responsible for establishing specific internal control policies and procedures. Every employee is responsible for ensuring that established internal controls are followed and applied. ‹‹ Employees are also responsible for communicating upward any observed or suspected problems involving fraud or other improprieties involving company resources. ‹‹‹ Internal auditors evaluate the effectiveness of control systems, monitor control systems, and contribute to ongoing effectiveness of control systems. ‹ External auditors review control systems for impact they have on financial reporting and compliance with requirements of external agencies.
> We have described for you the BLI experience with the internal controls process: concepts, pitfalls and benefits. ‹ The benefits far outweigh the pitfalls that are the result of ineffective internal controls. Let Bradley Lambert Inc. assists you with your internal controls process. Our services are dedicated to increasing performance and reducing costs and risk in your company. ‹ We work with complex subjects and make them easy to understand.

For a free consultation, please contact Bradley Lambert Inc.