Update of internal controls. Internal control over financial reporting is a process designed to give reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes by generally accepted accounting principles.
Update Of Internal Controls
Additionally, Internal controls over financial reporting or ICOFR is deemed to include all policies and procedures that:
- Pertain to the maintenance of records hat has reasonable details accurately and fairly reflect the transactions and dispositions of the assets of the company;
- Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements following generally accepted accounting principles and that receipts and expenditures of the company are being made only following authorizations of management and directors of the company; and
- Provide reasonable assurance regarding the prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Examples of internal controls and the related releases and standards include:
- Controls over initiating, authorizing, recording, processing, reconciling, and reporting significant account balances, transactions, and disclosures included in the financial statements;
- Controls related to the prevention, identification, and detection of fraud;
- Controls related to the initiating and processing of non-routine and non-systematic transactions;
- Controls related to the selection and application of appropriate accounting policies.
Management’s Report On Internal Controls
The provisions need management to acknowledge its responsibility for the company’s ICOFR and to assess the operating effectiveness of those controls. As a result, public companies must issue an additional internal control report within their annual report. The report on internal control should contain a statement of management’s responsibility for establishing and maintaining adequate ICOFR, and a statement identifying the framework that management used to assess of the effectiveness of the company’s ICOFR.
The report should also contain the management’s assessment of the effectiveness of the company’s ICOFR as of the end of the company’s most recent fiscal year, including disclosure of any material weaknesses identified in the company’s ICOFR and an explicit statement as to whether the ICOFR is effective. A statement that the company’s independent auditor has issued an attestation report, which must also be filed with the annual report, covering management’s assessment of the company’s ICOFR.
Management’s Assessment Of Internal Controls
In performing the ICOFR assessment, management must choose a suitable internal control framework against which to evaluate the design and effectiveness of the company’s ICOFR. It provides five components of effective internal controls: control environment, control activities, risk assessment, information and communication, and monitoring.
Additionally, management should carry out the following tasks:
- Determine which internal controls to test in performing the assessment, considering the significance of each control both individually and in the aggregate;
- Evaluate whether the failure of control could result in a misstatement to the financial statements, the likelihood and magnitude of any resulting misstatement and whether other controls are in place to mitigate this occurrence;
- Determine which locations or business units to include in the assessment, if applicable;
- Evaluate the design and operating effectiveness of the internal controls using the internal control framework chosen as a guide;
- Evaluate the probability of occurrence and the size of potential misstatements resulting from the internal control deficiencies identified and determine whether they, either individually or in the aggregate, constitute material weaknesses (any deficiency where the likelihood of potential misstatement is more than remote) or significant deficiencies (any deficiency where the likelihood of potential misstatement is more than remote and the magnitude is more than inconsequential);
- Provide sufficient documentation to support the assessment of ICOFR, including documenting the design of the internal controls and the results of management’s testing and evaluation;
- Communicate the assessment findings to the independent auditor and other applicable parties. Recognizing that each company differs in the internal control structure, the rules state that the nature of the testing performed by management will depend on the specific circumstances of the company and the significance of the control being tested. However, the rules also assert that inquiries are generally not a sufficient basis for management’s assessment.
Final Thoughts
Administrative management is responsible for ensuring that an adequate internal control system is in place. As part of a control environment, management is responsible for communicating the expectations and duties of employees. They must also ensure that the other major areas of an internal control framework are addressed.
