GlobalFinance                  DESIGNING EFFECTIVE  360                         FINANCIAL CONTROLS                        ...
About Global Finance 360Global Finance 360 covers theworld of corporate finance andaccounting and how these               ...
About Global Finance 360Global Finance 360 covers the       Communication and Informationworld of corporate finance andacc...
Upcoming SlideShare
Loading in …5

Designing Effective Financial Controls - Leveraging the Internal Control Framework to Achieve Control Objectives


Published on

Published in: Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Designing Effective Financial Controls - Leveraging the Internal Control Framework to Achieve Control Objectives

  1. 1. GlobalFinance DESIGNING EFFECTIVE 360 FINANCIAL CONTROLS LEVERAGING THE INTERNAL CONTROL FRAMEWORK TO ACHIEVE CONTROL OBJECTIVES Author: Stephen G. Lynch Every year corporations lose millions of dollars due to poor internal controls. The“A strong internal failures include inadequate segregation of duties, lax control over vendor mastercontrol framework records and incorrect customer invoices. Additionally, poor controls around the flow of data in an organization’s ERP system can result in manual rework tois the result of clear correct improper accounting entries. Taken to the extreme, inadequate controlscontrol objectives can result in material misstatements in financial reporting and the associated regulatory submissions.and a commitment With the continued guidance of Section 404 of the Sarbanes-Oxley Act,by a company’s management is required to publish in their annual reports a statement concerningBoard, the scope and adequacy of the internal control structure and procedures for financial reporting. Additionally, the company’s auditors must attest to and reportmanagement, and on the assessment of the effectiveness of the internal control structure andemployees to create procedures for financial reporting. An investment in strong internal controls is essential for the effective governance and protection of the corporation.and maintain a Control Objectivesstrong control In designing an effective internal control structure, three objectives must be kept inenvironment. It mind as the controls are designed, tested and maintained. These objectives are:also requires a 1. Ensure that corporate assets are safeguarded against malfeasance and usedcommitment to only for business purposes,properly assess 2. Provide accurate business information to management, investors, creditors, regulators and other relevant stakeholders, andorganizational risk, 3. Ensure that employees comply with all applicable laws and regulations.establish and With these objectives established, the internal control structure can be developed andconduct appropriate maintained using the COSO internal control framework.control activities, The Internal Control Frameworkgenerate and The Internal Control - Integrated Framework report, published by the Committee ofcommunicate Sponsoring Organizations of the Treadway Commission (COSO), provides atimely, relevant and framework that consists of five interrelated components. All of these components must be in place and operating effectively for there to be an effective internal controlreliable information, structure. These five components are:and participate in Control Environmentregular monitoring Risk Assessmentactivities.” Control Activities Communication and Information Monitoring Global Finance 360 | Copyright 2010 | All Rights Reserved 1
  2. 2. About Global Finance 360Global Finance 360 covers theworld of corporate finance andaccounting and how these Control Environmentactivities are impacted by The control environment is the foundation of a company’s internal control structure andglobalization. Focus areas is centered on the attitudes, actions and awareness of the company’s internalinclude Finance Delivery stakeholders, including the Board of Directors, management and front-line personnel.Strategy, Shared Services, The level of importance these stakeholders place on strong internal controls will greatlyBusiness Process Outsourcing,Process Improvement and influence the existence and effectiveness of those controls.Organizational Design. The control environment is core to a company’s approach to daily business activitiesGlobal Finance 360 is run by and the way it assesses risk in conducting those activities. According to COSO, controlSteve Lynch. Mr. Lynch is a environment factors include the “integrity, ethical values and competence of the entitysPrincipal in the Finance people; managements philosophy and operating style; the way management assignsTransformation practice of a authority and responsibility, and organizes and develops its people; and the attentionglobal consulting company. He and direction provided by the board of directors”.is responsible for the marketing,sales and delivery of Finance Risk AssessmentTransformation services in NorthAmerica and serves as a key As part of the control structure, a company should have a process in place to assessliaison for his company’s global risk in relation to its corporate objectives. The risk assessment applies to all areas ofFinance practice. He brings the company and should involve most activities within the organization. According tomore than 15 years of the COSO framework, risk assessment is a 3-step process:experience advising globalcompanies on their service Estimate the significance of the risk,delivery strategies and hasserved over 60 clients in avariety of industries including Access the likelihood or frequency of the risk occurring, andconsumer product and industrialmanufacturing, aerospace & Consider how the risk should be managed and assess what actions must bedefense, transportation, takentechnology, entertainment andfinancial services. He has also An effective risk assessment system will incorporate both internal and external factors.served as a Controller in private Internal factors can include people, systems and processes. External factors canindustry and as an auditor in include economic developments, regulatory changes and industry advances. It is thepublic accounting. responsibility of the company’s management to properly assess risk and then toMr. Lynch is an active content develop and maintain a program that will effectively mitigate the risk identified.contributor on the topics ofFinance Transformation and Control Activitiesglobalization and has presentedat various forums including the Control activities are the policies and procedures put in place by management toIQPC Shared Services & ensure that the processes put in place to address risk are being carried out. ThisOutsourcing conference. He can component of the COSO framework is wide-ranging and includes controls designed tobe found on the web at prevent errors as well as controls to detect errors after the fact and enable action to be taken. Examples of preventive controls include segregation of duties and physical controls such as locking down cash. Detective controls are focused onContact Information: reporting, reconciliations, management reviews and periodic audits to detect errorsSteve Lynch needing correction.Toll-free: +1.800.216.2512 A key aspect of the COSO framework is its emphasis on information system controls. This includes financial, operational and compliance related systems. All of theseOffice: +1.719.481.2599 systems should have both general and application controls. As the name implies,1042 W. Baptist Road general controls pertains to all systems and covers issues such as physical access toSuite 194 the systems. Application controls are specific to a particular system and includesColorado Springs, CO 80921 individual security profiles and business logic that would prevent unreasonable from passing through Global Finance 360 | Copyright 2010 | All Rights Reserved 2
  3. 3. About Global Finance 360Global Finance 360 covers the Communication and Informationworld of corporate finance andaccounting and how these Communications and information are actually two distinct components of internalactivities are impacted by control. Information must be readily available to organizational stakeholders and theglobalization. Focus areas information must be of sufficient quality that personnel can act on the information,include Finance Delivery confident that it is reliable. This information should also be suitable for communicatingStrategy, Shared Services, with external stakeholders such as investors, creditors and regulators.Business Process Outsourcing,Process Improvement and COSO recognizes that information can be both structured and unstructured.Organizational Design. Structured information comes from the company’s formal information systems and can be financial, operational or compliance related. Unstructured information can consistGlobal Finance 360 is run by of conversations with customers and suppliers.Steve Lynch. Mr. Lynch is aPrincipal in the Finance A strong internal control structure enables communication to flow through anTransformation practice of a organization, from top to bottom and from the bottom upwards, as well as horizontallyglobal consulting company. He through the various departments. These communication channels are created andis responsible for the marketing, maintained to ensure that information flows to those departments and individualssales and delivery of Finance requiring information for their financial, operational and compliance related reportingTransformation services in North and analysis responsibilities.America and serves as a keyliaison for his company’s globalFinance practice. He brings Monitoringmore than 15 years of Nothing ever stays the same and internal controls are no different. Due to changingexperience advising global factors both internal and external, there is an ongoing need to monitor internal controlscompanies on their service to assess their effectiveness and to determine if any changes in the internal controlsdelivery strategies and has are warranted.served over 60 clients in avariety of industries including Monitoring takes two basic forms: ongoing monitoring as part of a company’sconsumer product and industrial continuous operations and periodic monitoring based on specific control objectives.manufacturing, aerospace & COSO lists various means of ongoing monitoring which includes reviews bydefense, transportation, management and supervisory personnel to identify errors and make corrections astechnology, entertainment and necessary. It also includes the regular reconciliation of physical and financial assetsfinancial services. He has alsoserved as a Controller in private such as inventory and cash.industry and as an auditor in In addition to ongoing reviews, it is usually beneficial to make periodic reviews ofpublic accounting. specific control procedures. Although a company’s internal audit group may beMr. Lynch is an active content involved in the testing and evaluation of internal controls, it is also acceptable for linecontributor on the topics of management to initiate their own review of internal controls and make updates to theFinance Transformation and control structure as necessary to remediate any deficiencies found.globalization and has presentedat various forums including the ConclusionIQPC Shared Services &Outsourcing conference. He can A strong internal control framework is the result of clear control objectives and abe found on the web at commitment by a company’s Board, management, and employees to create maintain a strong control environment. It also requires a commitment to properly assess organizational risk, establish and conduct appropriate control activities,Contact Information: generate and communicate timely, relevant and reliable information, and participate inSteve Lynch regular monitoring activities.Toll-free: +1.800.216.2512Office: +1.719.481.25991042 W. Baptist RoadSuite 194Colorado Springs, CO Global Finance 360 | Copyright 2010 | All Rights Reserved 3