Internal controls are an important part of a business and the lack of internal controls can lead to devastating consequences for a company. Not only do internal controls help protect the company’s financial and management data, but there are also various regulations and industry standards that require reliable financial reporting particularly with public companies. Internal controls help manage the process of receiving and reporting monetary transactions as well as helping to protect against financial and strategic risks.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) created a framework that outlines five types of internal controls that businesses should focus on:
- Control Environment: The organizational structure of a company that sets expectations and holds individuals accountable due to segregation of duties.
- Risk Assessment: Analyze internal and external risks as well as creating preventative strategies to mitigate those risks.
- Control Activities: Internal policies and procedures that the organization has put into place to help identify, prevent or monitor the internal and external risks.
- Information and Communication: To help support and improve internal controls, an organization needs to obtain quality information and then communicate that information between all aspects of the organization such as staff, management and Board of Directors.
- Monitoring: Organizations must monitor the internal controls to verify they are working appropriately and potentially improve the control if it is improperly working. Ongoing measurement and evaluations are necessary to update for the Board of Directors.
By establishing internal controls, owners give employees protocols that should be followed in their daily work duties. These controls also help to prevent fraud or theft by mitigating the risk of misappropriated assets through management or employees. The controls also help provide financial data timely and accurately to help business owners make informed decisions about a business through meaningful information.
There are three factors that can help to explain the motivation an individual’s decision to commit fraud within an organization: pressure, opportunity and rationalization. Opportunity is the only factor that a company can control and having appropriate internal controls in place reduces the opportunity for an individual to commit fraud.
Some business owners feel like certain individuals that work at their company are very trustworthy which can lead a business owner to have inadequate internal controls in place; however, a business owner should be cautious in this situation as there are many pressures and rationalizations that may distort the trusting employees motivations. That individual may take advantage of the business owner’s trustworthiness and the only factor left to deter from fraud are the internal controls that help protect against the opportunity of that individual.
No matter the size of the business, every business should have internal controls in place to help protect against loss and theft of assets and data. Reach out to Samantha Lass or another member of our forensic accounting department if you would like to discuss ways to improve the internal controls of your business, or use the contact form below.