Accountants must know how to evaluate internal controls. Here’s a brief outline of what internal controls are and the COSO Framework for internal controls.
Accountants need to know how to explain their methods for evaluating internal controls and recognize different types of deficiencies that can be present in organizations’ internal controls. That’s why we’ve created the Accounting Basics: Evaluating Internal Controls course. In this course, we break down the COSO Internal Control Framework and identify different types of deficiencies and material weakness.
|Who should take this course?|
|· CPAs||· Business Owners|
|· CFEs||· Business Managers|
|· CFFs||· Internal Auditors|
|· MAFFs||· External Auditors|
|· CIAs||· Corporate Accountants|
|· CMAs||· Government Accountants|
|· CFOs||· Risk Management Personnel|
|· CEOs||· Business Owners|
|· CPAs||· Business Managers|
|· Internal Auditors|
This course is designed for individuals looking for a basic understanding of evaluating controls, or just need a refresher, so let’s start at the beginning:
What are internal controls?
An internal control is defined as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance”.
Why are internal controls important?
Internal controls are key to companies reaching their goals and ensuring the organization can withstand growth. With internal controls, organizations can: eliminate redundancies, prevent loss, stay compliant with regulations and ensure they’re audit-ready. It’s also important that control or internal processes are in place as companies grow and their assets and processes are handled by more individuals. Some processes accountants may need to evaluate or put in place include: revenue cycle, procurement cycle, payroll cycle, financial reporting cycle, computer system controls (and cybersecurity controls), and loss prevention cycles.
Internal controls should be in place for:
- Operations: address the entity’s mission, directed toward the effectiveness and efficiency of operations, safeguarding assets.
- Reporting: external financial reporting objectives, external nonfinancial reporting objectives, internal financial and nonfinancial reporting objectives.
- Compliance: conduct activities, and take specific actions, in accordance with applicable laws and regulations.
The COSO Internal Control Framework
The COSO Framework was originally developed in 1992 and was revised in 2013. Member organizations that are part of COSO include: The American Institute of Certified Public Accountants (IACPA), The American Accounting Association (AAA), The Institute of Management Accountants, The Institute of Internal Auditors, and Financial Executives International (FEI). The COSO Internal Control Framework has five main components:
- Control Environment
- Control Activities
- Risk Assessment
- Information and Communication
It’s also important, as part of the COSO Framework, that accountants document for audit. It is necessary for the external auditors to document their understanding of the internal control environment for all audits and reviews of financial statements, regardless of whether or not they intend to test the controls. The internal control documentation can be in the form of narratives, flowcharts, checklists or memos.
4 possible outcomes when evaluating internal controls
When evaluating internal controls there are four possible outcomes:
- The control is properly designed and operating
- There is a deficiency in the internal control
- There is a significant deficiency in the internal control
- There is a material weakness in the internal control
If the control is properly designed and operating, ideally it will fit in the COSO Framework.
Deficiencies in Internal Controls
A deficiency in internal control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. There may be a deficiency in design, operation or significant deficiency. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.
Material Weakness in Internal Controls
Which brings us to material weakness. A material weakness is a deficiency, or a combination of deficiencies, in an internal control over financial reporting. With this deficiency, or these deficiencies, there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. Indicators of material weaknesses in internal control over financial reporting include:
- Restatement of previously issued financial statements to reflect the correction of a material misstatement;
- Ineffective oversight of the company’s external financial reporting and internal control over financial reporting by the company’s audit committee.
This has been an overview of how to evaluate internal controls for accountants. To go more in-depth with our resident expert’s (Bob K Minniti) additional insights, check out the Accounting Basics: Evaluating Internal Controls course on Accounting Ed!
AccountingED is made up of a growing library of over 200 hours of NASBA registered, SelfStudy Courses, Live Webinars & Seminars, and Micro Courses that offer a broad level of industry leading accounting, fraud, and cybersecurity training. CPE topics include governmental accounting, auditing, ethics, specialized knowledge, and much more. Organizations can develop their own, secure, organization branded, white label academy complete with the organization’s look and feel. Migrate the entire AccountingED.com content library or create their own learning paths by selecting specific content from AccountingED.com and CyberTraining365.com to meet your training needs.