Internal Controls

What are internal controls?

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a report called The Internal Control Integrated Framework, also known simply as the COSO Report or the COSO Framework. Its definition of internal control has become widely accepted: “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

What is the COSO Framework for internal controls?

The COSO framework for internal controls was originally published in the 1992 COSO Report, but has since been updated. According to the 2013 version of the COSO report, internal controls are defined by 17 guiding principles broken down into five categories: 

  • Control environment
    • Commitment to integrity and ethics
    • Oversight responsibility
    • Establishing structure, authority and responsibility
    • Commitment to competence
    • Enforcement of accountability
  • Risk assessment
    • Specification of objectives
    • Risk identification and analysis
    • Fraud risk assessment
    • Identification and analysis of significant change
  • Control activities
    • Selection and development of risk mitigation activities
    • Selection and development of general technology controls
    • Deployment of controls-based policies and procedures
  • Information and communication
    • Use of relevant, important information
    • Internal communications
    • External communications
  • Monitoring
    • Ongoing or separate evaluations of processes
    • Evaluation and communication of known deficiencies in program

What is an internal control framework? 

A control framework is an organization’s individual implementation of its own sense of internal control, most often guided by the general principles and procedures laid out by the COSO Framework.

How do internal controls play a part in accounting?

In accounting, internal controls often focus on seven operational principles identified as being conducive to best practices in accounting:

  • Separation of duties of bookkeeping, deposits, reporting, and auditing
  • Access controls to different parts of the accounting system to prevent any unauthorized access to it and its data
  • Physical audits of cash and assets
  • Documentation used for financial transactions, inventory receipts and expenses
  • Trial balances to test the accuracy and balancing of financial books
  • Reconciliations to ensure that accounting balances match up with balances held by external entities, such as banks and suppliers
  • Approval authority to prove that transactions have been adequately reviewed and approved at all levels

Accounting & Auditing Update Blog

Calling out usual audit ills, PCAOB also ponders next steps

Tammy Whitehouse | November 14, 2017

While acknowledging audit firms have taken measures to address adverse inspection findings, the PCAOB also is starting to ask if the firms are doing enough.

Accounting & Auditing Update Blog

Adverse internal control findings tapered off in 2016

Tammy Whitehouse | November 6, 2017

For the first time since 2012, a slightly smaller number of companies in 2016 reported adverse findings on internal control, according to a new analysis.

Accounting & Auditing Update Blog

Audit leaders issue another year-end alert on key risks

Tammy Whitehouse | October 13, 2017

Audit leaders have handed out yet another alert to auditors to dig into high-risk areas as they prepare for the upcoming year-end audit cycle.

News Article

Auditors tasked to study revenue readiness at year-end

Tammy Whitehouse | October 17, 2017

Auditors are under clear orders from their regulators to show no mercy in their assessment of corporate transition to the new revenue recognition rules.

Accounting & Auditing Update Blog

PCAOB alerts auditors to scrutinize revenue recognition

Tammy Whitehouse | October 6, 2017

The PCAOB is putting auditors on notice to take a careful look at the work companies have done to implement the new revenue recognition standard.

Accounting & Auditing Update Blog

With revenue adoption lagging, grim predictions unfold

Tammy Whitehouse | October 2, 2017

Evidence is mounting that companies are way behind in complying with new revenue rules, prompting predictions of late filings, internal control weaknesses, even restatements.

News Article

For 2017 close, expect auditors to queue up queries on 2018

Tammy Whitehouse | October 3, 2017

In preparing for the year-end close, companies should brace for auditors’ questions about the riskiest reporting areas, especially accounting rules taking effect in 2018.

News Article

Companies gear up for Q4 dash to revenue rule ready date

Tammy Whitehouse | September 26, 2017

As the fourth quarter approaches, companies are expected to break into a sprint to complete their efforts to adopt new revenue recognition requirements.

Tom Fox

Compliance lessons from hurricanes

Tom Fox | September 26, 2017

Recent natural disasters underscore the importance of being prepared, and of practicing crisis response. Compliance officers must do the same for their own hurricane-level crises.

The Man From FCPA Blog

Written protocols for compliance

Tom Fox | September 17, 2017

Tom Fox explores written protocols, the foundation upon which an effective compliance program is built.