• As a result of this session, you will be able to:
• Understand risk management
• Develop methods to manage those risks using internal controls
• Understand what are internal controls
• Determine what are strong and weak controls; how are they assessed
• Analyze and evaluate financial, operational, and compliance issues
• Identify activities to diminish the potential for excessive bias in financial reporting
• Locate on the Web the US financial standards organizations and professional associations
• Won't be afraid to speak up when some accounting or business issue should be questioned
• Length: 4 hours
• Target Group: Management, Administrative and Financial personnel
• Instructors: Marsha Carter, Director, Business Development, Hughes Electronics, retired; Marion Martelli, CMA and CFO, Moringstar Group Western Division, retired

Internal Control Process

A comprehensive internal control process will be capable of deterring fraud, and preventing, detecting, and correcting problems based on an overall assessment of risk and exposure.

The Committee of Sponsoring Organization (COSO) model developed by the American Institute of Certified Public Accountants, the American Accounting Association, the Financial Executives Institute, the Institute of Internal Auditors, and the Institute of Management Accountants has been adopted as the generally accepted framework for internal control by entities representing all sectors of business and government. The COSO model is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems in internal control.

The COSO model defines internal control as any process or action designed to reduce risk and give reasonable assurance that:

• Operations are effective and efficient
• Financial and operational reports are reliable
• Compliance with applicable laws, regulations and company policies and procedures has been achieved
• Any errors are detected in a timely manner

The Bradley Lambert training program has been designed within the context of the COSO model. An effective internal control process consists of the five components: vision, policies and procedures, communication, risk assessment and monitoring.

• A Corporate vision that promotes a control environment culture of accountability, responsibility and ethics and influences the ?control consciousnessî of its employees. ‹ Administrative officials establish a local control environment for their departments.Ý Control environment factors include: ethical values, competence of the employees, leadership philosophy and operating style, and the way management assigns authority and responsibility. The control environment forms the foundation for the other control components and provides discipline and structure to the organization.

A risk assessment that identifies circumstances that may impede the ability of a department, a project, or the company to achieve its objectives.Ý The assessment process analyzes the procedures currently in place, which are designed to mitigate the identified risks, and determines the residual exposure that the department, project, or company, has with respect to the risks.Ý Risks with unacceptable exposure levels will require additional control procedures; risks with very low exposure levels might be effectively controlled with fewer procedures. Costs associated with control processes should not exceed expected benefits. Policies and procedures that are designed to ensure that management directives are carried out.Ý Policies and procedures occur throughout the institution, at all levels and in all functions.Ý They can be either administrative or financial in nature.Ý They can range from an authorization signature to a lock on a door or a disaster plan. ‹ Documenting policies and procedures and making them accessible to employees helps provide day-to-day guidance to staff and will promote continuity of activities in the event of prolonged employee absences or turnover.

• A communication process to ensure that employees have quality and adequate information to effectively discharge their responsibilities, and be transmitted to the right people at the appropriate time.Ý Training employees to be more effective in their current positions and educating them for future positions is a vital form of a communication process.Ý Employees are provided with an appropriate level of direction and supervision and are aware of the proper channels for reporting suspected improprieties.
• A monitoring process that assesses the performance quality of the department, project or company-wide process over time. However, it is crucial that the probability of detection of management misdeeds be high. This monitoring process is accomplished through ongoing and continuous improvement activities such as:
• Reviews of operating and financial reports - Costs and expenses are monitored and controlled. Comparisons of actual expenses to budgeted amounts are performed on a regular basis, and all significant variances are researched. Routine examination and reconciliation of transaction records to official company records is required to verify the accuracy of the records, the appropriateness of the transactions, and their compliance with policy.
• Comparisons of data to physical assets - Equipment, inventories, cash, and other property are secured physically, counted periodically, and compared with amounts shown on control records.
• Checks on the separation of duties - The objective is to ensure that duties (roles) are assigned to individuals in a manner so that no one individual can control a process from start to finish.Ý Financial responsibilities are divided between different people to assure a single person does not perform every aspect of a financial transaction.Ý Segregating responsibilities can reduce errors and prevent or detect inappropriate transactions.
• Reviews of authorization procedures - Transactions are authorized by a person delegated with approval authority when the transactions are consistent with policy and funds are available.
• Awareness of common control weaknesses that have been found in prior company audits - Being aware of these risks and related controls can help an administrative official to carry out his or her responsibilities for financial management.
• Monitoring can also be accomplished through separate evaluations such as internal and external audits. ‹ If a third party monitors or conducts an internal control audit, knowledge gained about control processes may not remain within the organization whose control processes are evaluated.
• Responsibilities - It is the responsibility of the board of directors to ensure there is a reliable process to identify significant risks to corporate business objectives, establish accountability and compliance in risk management ensure up-to-date written risk management policies and procedures, and guarantee to shareholders that a sound internal controls system is in place to manage risks. ‹ Management is responsible for establishing specific internal control policies and procedures. Every employee is responsible for ensuring that established internal controls are followed and applied. ‹‹ Employees are also responsible for communicating upward any observed or suspected problems involving fraud or other improprieties involving company resources. ‹‹‹ Internal auditors evaluate the effectiveness of control systems, monitor control systems, and contribute to ongoing effectiveness of control systems. ‹ External auditors review control systems for impact they have on financial reporting and compliance with requirements of external agencies.

> We have described for you the BLI experience with the internal controls process: concepts, pitfalls and benefits. ‹ The benefits far outweigh the pitfalls that are the result of ineffective internal controls. Let Bradley Lambert Inc. assists you with your internal controls process. Our services are dedicated to increasing performance and reducing costs and risk in your company. ‹ We work with complex subjects and make them easy to understand.

For a free consultation, please contact Bradley Lambert Inc.