Internal Controls and Best Practice Policies and Procedures

Today more than ever businesses of all sizes are recognizing the importance of a strong internal control structure. It is a critical component to success and if your organization is intent on becoming a public entity, it is the law under the Sarbanes-Oxley Act of 2002.

As discussed in Internal Control – Integrated Framework on Internal Control , published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), internal control consists of the five interrelated components depicted this illustration.

Control Environment–at its foundation, internal controls must encompass the highest ethical standards and those standards must be communicated throughout the organization. Responsibility has moved from the back office to the Board Room and starts with the Board of Directors and the Chief Executive Officer.

Risk Assessment–once the right ethical culture exists, a study should be undertaken to understand and document what risks face the organization and how those risks could adversely affect operational and compliance objectives. An effective risk assessment will consider internal factors (i.e. people, systems, business processes) and external factors (i.e. industry, economic factors, and technological advances). Equally as important, this assessment should not be a static, one-time process. It must be dynamic. “The only thing certain is change itself.” Change is inevitable and risks will also change. Thus management must have in place procedures to constantly reevaluate risk.

Control Activities–once the risk assessment has been completed, control activities should be in place to address those risks. Accountability should be established at every level in the organization to provide assurance that policies and procedures are being enforced and are effective. These control activities include top level review, appropriate controls over the activities in specific departments, physical control over assets, and a system of approvals, authorizations, verification and reconciliation.

Monitoring–finally, from the Board Room, to the lowest level of review the effectiveness of the internal control system must be continually monitored. If the system of internal control is structured properly, this monitoring should be going on every day, and be part of the system. Integrating the system of internal control into the operating environment facilitates this on-going monitoring process.

CoreVision's approach to helping you develop your internal control structure embodies these four key principles. Among the ways we might assist include:

• Providing an overall review and assessment of your current structure, or review and assessment of a particular department (e.g. Accounts Receivable or Accounts Payable).
• Assisting with the documentation of your current control structure in accordance with the requirements of Sarbanes-Oxley
• Designing, on a project bases, a plan to help you make change were required; and
• Helping you implement that plan