Internal Controls

What are internal controls?

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a report called The Internal Control Integrated Framework, also known simply as the COSO Report or the COSO Framework. Its definition of internal control has become widely accepted: “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

What is the COSO Framework for internal controls?

The COSO framework for internal controls was originally published in the 1992 COSO Report, but has since been updated. According to the 2013 version of the COSO report, internal controls are defined by 17 guiding principles broken down into five categories: 

  • Control environment
    • Commitment to integrity and ethics
    • Oversight responsibility
    • Establishing structure, authority and responsibility
    • Commitment to competence
    • Enforcement of accountability
  • Risk assessment
    • Specification of objectives
    • Risk identification and analysis
    • Fraud risk assessment
    • Identification and analysis of significant change
  • Control activities
    • Selection and development of risk mitigation activities
    • Selection and development of general technology controls
    • Deployment of controls-based policies and procedures
  • Information and communication
    • Use of relevant, important information
    • Internal communications
    • External communications
  • Monitoring
    • Ongoing or separate evaluations of processes
    • Evaluation and communication of known deficiencies in program

What is an internal control framework? 

A control framework is an organization’s individual implementation of its own sense of internal control, most often guided by the general principles and procedures laid out by the COSO Framework.

How do internal controls play a part in accounting?

In accounting, internal controls often focus on seven operational principles identified as being conducive to best practices in accounting:

  • Separation of duties of bookkeeping, deposits, reporting, and auditing
  • Access controls to different parts of the accounting system to prevent any unauthorized access to it and its data
  • Physical audits of cash and assets
  • Documentation used for financial transactions, inventory receipts and expenses
  • Trial balances to test the accuracy and balancing of financial books
  • Reconciliations to ensure that accounting balances match up with balances held by external entities, such as banks and suppliers
  • Approval authority to prove that transactions have been adequately reviewed and approved at all levels
     
News Article

SEC, FASB issue changes aimed at simplifying disclosure requirements

Tammy Whitehouse | September 11, 2018

Companies need to update their disclosure controls and procedures now that the SEC and FASB are starting to trim unnecessary bulk out of disclosure requirements.

Enforcement Action Blog

Moody’s to pay $16.25M for internal controls failures and ratings symbols deficiencies

Jaclyn Jaeger | September 10, 2018

The SEC has filed its first-ever enforcement action involving rating symbol deficiencies, hitting Moody’s Investors Service with $16.25 million in penalties to settle charges involving internal control failures and failing to clearly define and consistently apply credit rating symbols.

Enforcement Action Blog

Citigroup will pay $10.5 million for internal controls failures

Joe Mont | August 16, 2018

The SEC says Citigroup has agreed to pay $10.5 million in penalties to settle two enforcement actions involving its books and records, internal accounting controls, and trader supervision.

Accounting & Auditing Update Blog

SOX-related audit costs rise again in 2017, poll says

Tammy Whitehouse | August 9, 2018

Half of the largest public companies saw SOX-related audit costs rise in 2017, driven by regulatory pressure, M&A activity, and new accounting rules.

Accounting & Auditing Update Blog

Companies plan to automate internal controls, poll says

Tammy Whitehouse | July 17, 2018

Companies are migrating toward automating their internal control over financial reporting, according to a recent survey by Financial Executives Research Foundation.

The Man From FCPA Blog

Payroll controls and compliance

Tom Fox | July 9, 2018

How can payroll help when operationalizing a compliance program? Tom Fox explores payroll’s role and the four key areas that should be considered when reviewing compliance goals.

Accounting & Auditing Update Blog

COSO publishes ERM examples to show case studies

Tammy Whitehouse | June 27, 2018

COSO has published an addendum to its ERM framework to illustrate examples of how to apply the framework to real situations.

News Article

Auditors plan deeper dives into outsource provider reports

Tammy Whitehouse | May 16, 2018

As guidance changes and regulators continue to hammer on internal controls, auditors are starting to dig deeper into reports provided by outsourced service providers.

News Article

India’s garment industry put through the wringer

Neil Hodge | March 27, 2018

A recent report illustrating substantial environmental issues in India’s garment industry offers a roadmap all companies could benefit from when monitoring and auditing supply chains.

The Man From FCPA Blog

Kinross and internal controls

Tom Fox | March 27, 2018

There are some important lessons that can be garnered by CCOs when examining recent FCPA internal control violations made by Canadian gold and silver mining company Kinross.