Internal controls over financial reporting are designed to provide reasonable assurance that: accurate records supporting the financial statements are maintained; transactions are appropriate, complete and correctly recorded; and errors or fraud are detected timely. A lack of control over financial reporting, including the inability to prepare full disclosure financial statements, is one area that commonly generates a comment in the auditors’ management recommendation letter.
Effective Controls over Financial Reporting
Thanks to a series of auditing standards issued in recent years (i.e., SAS No. 112, SAS No. 115), individuals frequently equate controls over financial reporting solely with the controls governing the year-end financial statements. Financial statements, however, are only one piece of the process; all financial reporting flows to the general ledger, from which organizations produce their financial statements. Effective controls over financial reporting are actually much broader, encompassing five key areas:
1. Establishing Policies and Procedures
Management should be involved in designing and approving the organization’s policies and procedures as they relate to the financial statement preparation process and in addressing departures from them. If an employee departs from the established process for financial reporting, regardless of his position in the organization, management should quickly correct the problem and make it clear that such violations will not be tolerated. Significant policies and procedures should be documented in writing and periodically reviewed and updated. An organization should also have a fraud prevention policy, designed to address potential fraudulent financial reporting risks. An effective fraud prevention policy allows an organization to identify possible risks and to implement controls and procedures to mitigate those risks, thereby reducing the possibility of fraud occurring.
2. Tone at the Top
Policies and procedures are of the utmost importance; however, the tone at the top is the foundation for an organization’s internal control system. Management should lead by example and demonstrate integrity and high ethical values. Management should concern itself with financial reporting and regularly review financial reports.
3. Processing Transactions and Financial Data
Transactions and financial data are what ultimately end up being reported in an organization’s financial statements. The systems, processes and internal controls over transactions are crucial to having accurate financial statements. Processing transactions and financial data generally has three phases: (1) initiating and authorizing, (2) recording and processing, and
(3) reconciling and reporting. In the first phase, initiating and authorizing, it is important that transactions are appropriately authorized; for example, an organization may require a manager’s approval prior to the payment of an invoice. In the second phase, recording and processing, the transaction will be recorded in the general ledger. In the third phase, reconciling and reporting, amounts will be included on financial reports and reconciled to supporting schedules. Management should oversee the process and review these reports.
4. Monitoring and Communication
Management should monitor the organization’s internal controls. Any shortfalls identified should be remedied so the internal control system can be improved. There should also be open communication between an organization’s management and its employees, and employees should have a clear understanding of what issues should be reported to management.
5. Controls over Year-end Financial Reporting
At the end of each fiscal year, many organizations are required to prepare full disclosure financial statements. Whether the organization prepares the financial statements or it looks to an outside accountant to draft the financial statements, the organization is expected to have the expertise and controls to be able to prepare the financial statements, including the disclosures. The organization should also have controls in place to identify and record all year-end closing entries and financial statement disclosures.
Is it possible to uniformly apply these five components, regardless of the size of the organization? Absolutely not. The elements of an organization’s system of internal control will depend on its size, structure and complexity. However, these five areas provide a framework for management to develop a robust system of internal control over financial reporting.
Jasmine Baker, CPA, is a senior manager in the San Ramon, California, office of Lindquist LLP. She has nine years of experience in audit and accounting services for employee benefit plans, labor organizations and not-for-profit entities. Jasmine trains staff and helps develop technical guidance for the firm. Jasmine is a member of the American Institute of Certified Public Accountants. She received a bachelor of science degree in accounting from St. Mary's College. Contact her at (925) 277-9100 or firstname.lastname@example.org.
Our firm provides the information in this e-newsletter for general guidance only. It does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.