Internal Controls: The Components of an Effective Accounting System

Chris Pinell, CPA, CITP, CFE
Pinell & Martinez, LLC
October 5, 2012

As part of a financial statement audit, the auditor examines the effectiveness of the organization’s internal controls over financial reporting. During this process, clients often ask: “How can we improve our internal control system?” To answer this question, I believe it is important to first provide insight into the components of a properly designed system.

COSO’s Internal Control – Integrated Framework, the most widely accepted internal control framework, describes internal control as consisting of five components: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring.

The control environment serves as the umbrella for the other components. It is a reflection of the attitudes of management, directors, and owners; such as: integrity and ethical values, assignment of responsibilities, and participation of the board of directors. Without an effective control environment, the other four components are likely to be ineffective.

Second, management must perform risk assessment procedures to identify and analyze risks. All entities, regardless of size, structure, or industry face a variety of risks from external and internal sources that must be managed. To do so, management must identify risks, estimate the significance of the risks, assess the probability of the risks occurring, and develop actions to reduce risks to an acceptable level.

Another important component of the internal control system is control activities. These are the procedures that help address risks. The development of control activities generally falls into one of the following classes: segregation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, and independent checks on performance.

In addition, the company must have an effective accounting information and communication system to initiate, record, process, and report the entity’s transactions and balances. This component is typically made up of classes of transactions, such as: cash disbursements, cash receipts, sales, acquisitions, and so on.

Last but not least, management must assess the quality of internal control performance with monitoring activities. This is done to determine that controls are operating as intended and modified as needed. The information being assessed can come from recommendations and reports by the board of directors, auditors, and regulators.

Internal control should be viewed as an integrated and slightly sequential process. Management should consider the impact of each internal control component in reducing the risk of material misstatement in the financial statements. Nevertheless, the internal control system’s effectiveness will depend on the expertise and trustworthiness of the people using it.

Pinell & Martinez, a locally-owned CPA firm in Covington, Louisiana, has the expertise to assist your organization with developing and implementing internal controls.Contact us for more information.

All rights reserved. This copyrighted material may not be re-published without permission.