Professional Documents
Culture Documents
Financial Controllership Reviewer
Financial Controllership Reviewer
Financial Controllership is a management function that Internal control is a process, effected by an entity’s board of
supervises the accounting and financial reporting of an organization. directors, management and other personnel, designed to provide
It is responsible in the implementation and monitoring of internal reasonable assurance regarding the achievement of objectives in
controls. the following categories:
For all businesses there are risks that exist and that need • Reliability of financial reporting
to be identified and addressed in order to prevent or minimize
losses. • Compliance with applicable laws and regulations
Risk is the threat that an event, action, or non-action will Concepts and Objectives
adversely affect an organization’s ability to achieve its business
Control definition reflects certain fundamental concepts:
objectives and execute its strategies successfully. Risk is measured
in terms of consequences and likelihood. • Internal control is a process. It's a means to an end, not an end in
itself.
The following process is used for assessing risks:
identifying risks, sourcing risks and measuring risks. Overall, you • Internal control is affected by people. It's not merely policy manuals
should focus on the high risks affecting your operations. and forms, but people at every level of an organization.
• Consider significant risks (errors and omissions) that are common • The economical and efficient use of resources.
in the industry or have been experienced in prior years
• The accomplishment of established objectives and goals for
• Information Technology risks (i.e. - access, backups, security, data operations or programs.
integrity)
Internal Control Myths and Facts
• Volume, size, complexity and homogeneity of the individual
transactions processed MYTHS:
through a given account or group of accounts (revenue, receivables) 1.Internal control starts with a strong set of policies and procedures.
• Susceptibility to error or omission as well as manipulation or loss 2.Internal control: That’s why we have internal auditors!
• Robustness versus subjectiveness of the processes for 3.Internal control is a finance thing.
determining significant estimates
4.Internal controls are essentially negative,
• Extent of change in the business and its expected effect
like a list of “thou-shalt-nots.”
• Other risks extending beyond potential material errors or
5.Internal controls take time away from our core activities of making
omissions in the financial statements
products, selling, and serving customers.
What are Internal Controls?
FACTS:
Management must control identified risks to help the
1.Internal control starts with a strong
Company:
control environment.
• achieve its performance and profitability targets,
2.While internal auditors play a key role in the system of control,
• prevent loss of resources,
management is the primary owner of internal control.
• ensure reliable financial reporting, and
3.Internal control is integral to every aspect of business.
• ensure compliance with laws and regulations, avoiding damage to
4.Internal control makes the right things happen the first time.
its reputation and other consequences.
5.Internal controls should be built “into,” not “onto” business
-In summary, internal controls can help our company get where it
processes.
wants to go, and avoid pitfalls and surprises along the way.
Control Focus COSO Components Defined
Redefining the control focus The Committee of Sponsoring Organizations of the Treadway
Commission (COSO), was formed in 1985 to improve the quality of
-The new approach to controlling business risks may be financial reporting through business ethics, effective internal
characterized by the “new rules” of “prevent and monitor” and “build controls and corporate governance. Based on these principles, they
in quality” as opposed to the “old rules” of “detect and correct” and developed and published the COSO framework in 1992 as a
“inspect in quality.” This means a paradigm shift in the traditional foundation for establishing internal control systems and determining
viewpoint of control as illustrated in the following table: their effectiveness.
Old Paradigm New Paradigm Control Environment
Only AUDITORS and EVERYONE, including
TREASURY are concerned operations, is concerned • The control environment sets the tone of an organization,
about risks and controls about managing business influencing the control consciousness of its people. It is the
risks
foundation for all other components of internal control, providing
FRAGMENTATION – Every Business risk assessment
function and department do and control discipline and structure. Control environment factors include the
its own thing are FOCUSED and integrity, ethical values and competence of the entity's people;
(“SILO MANAGEMENT”) COORDINATED management's philosophy and operating style; the way
with senior level management assigns authority and responsibility and organizes and
OVERSIGHT develops its people; and the attention and direction provided by the
NO BUSINESS RISK FORMAL BUSINESS RISK board of directors.
CONTROL POLICY CONTROL POLICY
approved by management Risk Assessment
and the board
INSPECT for and DETECT ANTICIPATE and • Every entity faces a variety of risks from external and internal
business risk and REACT PREVENT business sources that must be assessed. A precondition to risk assessment
to it risk at the source and
MONITOR business risk is establishment of objectives, linked at different levels and internally
controls continuously consistent. Risk assessment is the identification and analysis of
Ineffective PEOPLE are the Ineffective PROCESSES relevant risks to achievement of the objectives, forming a basis for
primary source of business are the primary source of determining how the risks should be managed. Because economic,
risk business risk industry, regulatory and operating conditions will continue to
change, mechanisms are needed to identify and deal with the
special risks associated with change.
Internal Control Structure
Control Activities
In many cases, you perform controls and interact with the control
-Control activities are the policies and procedures that help ensure
structure every day, perhaps without even realizing it. management directives are carried out. They help ensure that
necessary actions are taken to address risks to achievement of the
Monitoring:
entity's objectives. Control activities occur throughout the
• Monthly reviews of performance reports organization, at all levels and in all functions. They include a range
• Internal audit function of activities as diverse as approvals, authorizations, verifications,
Information & Communication: reconciliations, reviews of operating performance, security of assets
and segregation of duties.
• Vision and values survey
• Issue resolution calls Information and Communication
• Reporting
• Pertinent information must be identified, captured and
• Corporate communications (e-
communicated in a form and timeframe that enables people to carry
mail, meetings)
out their responsibilities. Information systems produce reports,
Control Activities:
containing operational, financial and compliance-related
• Purchasing limits information, that make it possible to run and control the business.
• Approvals They deal not only with internally generated data, but also
• Security information about external events, activities and conditions
• Reconciliations necessary to informed business decision-making and external
• Specific policies reporting. Effective communication also must occur in a broader
Risk Assessment: sense, flowing down, across and up the organization. All personnel
must receive a clear message from top management that control
• Monthly Risk Control meetings responsibilities must be taken seriously. They must understand their
• Internal audit risk assessment own role in the internal control system, as well as how individual
Control Environment: activities relate to the work of others. They must have a means of
• Tone from the top communicating significant information upstream. There also needs
• Corporate Policies to be effective communication with external parties, such as
• Organizational authority customers, suppliers, regulators and shareholders.
Section I - Assumptions
• Payments for production costs. These are the costs Another issue that gives rise to significant cash flow
for materials and associated production supplies that variation is the impact of the business cycle on company
are needed to create products. activities. A business cycle is a long-term change in business
• Payments for salaries and wages. This cash outflows that is due to external economic conditions
is derived with a formula that is based on the sales per
employee and the average pay per person.