Hidden Risks of Company Management Relating to Internal Controls

By James Koepke, CPA – Shareholder, Doeren Mayhew

In today’s fasted-paced world of changing business models, innovative technology and growing regulatory requirements it can be challenging to put an effective controls system in place for your business. But the reality is, the responsibility for establishing and maintaining proper controls solely falls on your management team’s shoulder, and this is how owners, banks, creditors and other third-party outsiders can hold management responsible or reliable for financial reporting errors and fraud. Unfortunately, building an effective internal control infrastructure demands more than just adherence to policies and procedures – it requires use of good judgement on how much control is enough.

In addition to the company’s need for proper controls, auditors also need to evaluate them. As a part of today’s auditing requirements, the assessment of the internal controls plays a big part in helping identify risk factors. Which is often why your auditors ask so many questions about your business’s internal controls. Wondering what they need the information for? That’s simple, it’s to help assess your internal controls and how much reliance they can place on them.  The more controls, the more efficient an audit.

Judgement Criteria

Company management is responsible for the preparation and fair presentation of financial statements in accordance with generally accepted accounting principles in the United States of America. This includes the design, implementation and maintenance of internal controls relevant to the preparation and fair presentation of financial statements free from material misstatements, whether due to fraud or error.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework is used to judge the internal controls management has put into place.  As such, your management team must become familiar with the standards used to measure up your performance.

Three main objectives laid out in the framework, focus on operational, reporting and compliance controls to provide reasonable assurance that your business has:

• Effective and efficient operations
• Reliable financial reporting
• Compliance with applicable laws and regulations

To help measure the effectiveness of your systems of internal controls, here are the five main components used to look at within your company, regardless of its size:

1. Control environment: A set of standards, processes and structures is needed to provide the basis for carrying out internal controls across the organization.

2. Risk assessment: This dynamic, iterative process identifies stumbling blocks to the achievement of the company’s strategic objectives and forms the basis for determining how risks will be managed.

3. Control activities: Policies and procedures are necessary to help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.

4. Information and communication: Relevant and quality information supports the internal control process. Management needs to continually obtain and share this information with people inside and outside of the company.

5. Monitoring: Management should routinely evaluate whether each of the five components of internal controls is present and functioning.

If you have questions about your responsibilities, controls as they relate to an audit, or would like to have an assessment of your internal controls completed contact Doeren Mayhew’s auditors today.

Want to reach the author? Email James Koepke or call him at 248.244.3011.