You may be familiar with the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework for internal control. COSO has received significant attention when referenced by the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) as an example of an “internal control” system as required by Sarbanes-Oxley Act (SOX) sections 302 and 404.
These COSO internal controls are then documented in your finance policies and procedures manual template. SOX, in general, has generated a lot of discussion about internal controls even requiring financial policies and procedures.
Historically, for business finance and accounting processes, controls have typically referred to preventing fraud and abuse. Increasing regulatory requirements have caused compliance to tax & public company financial reporting regulations to become part of control system goals.
In this view, a financial control system of policies and procedures identifies who approves expenditures, signs checks, and reviews ledgers to accounts, as well as listing the required records and who keeps them. Is this really all an internal control system does?
Financial reporting and compliance are two areas which COSO explicitly claims to address with its integrated framework. However, COSO also lists a third area where internal controls play a vital business role – effectiveness (reaching objectives) and efficiency (required resources) of operations.
If you develop and implement an internal control system and your only financial objectives are to prevent fraud and comply with laws and regulations, then you are missing an important opportunity for improvement.
The same internal controls can also be used to systematically improve your business, particularly in regard to effectiveness and efficiency.
COSO lists five components that must be in place to some degree for an internal control system to be effective:
Let’s look at how effectiveness and efficiency of operations is played out using one example of the five components in the internal control framework – Control Environment.
The Control Environment of an organization is described as the foundation for the other components of internal control. It is the tone and culture of the organization upon which all other activities are conducted, and in most organizations it flows from the top. More specifically, how involved is management in setting realistic goals and then ensuring the organization has the resources to carry them out?
We can look at two contrasting styles. In the first, organizational goals fall from the sky with no involvement from those tasked with carrying out activities to reach objectives. Then results are either ignored altogether, or they are ignored until the end of the period; upon which you receive a nod of the head or a wag of the finger – depending on performance.
On the other end of the spectrum, management sets goals and objectives using a corroborative process. Management regularly reviews progress and performance along with leading indicators to determine if objectives will be met, and if not, identify if any corrective action should be taken.
Sometimes there may be valid reasons for missing objectives: how well they are considered and absorbed into the organizational knowledge is also a function of the Control Environment. Participative management is one of the most important ways to set a proper environment or tone where using resources to reach objectives actually means something, not empty phrasing.
We could find examples of how control systems improve performance in all components. Through Control Activities, for example, policies and procedures can also incorporate the idea of setting process objectives along with regular measurement and review, as well as creating communication channels between key departments. In fact, all the procedures found in our policies and procedures manuals follow the Plan-Do-Check-Act philosophy of continually improving processes, including our Finance Policies and Procedures Manual.
Communication activities can be built into the processes and procedures, creating communication channels that seem to frequently be lacking in organizations. These communication channels help create and communicate strategic level goals and objectives, which inform departments and segment level goals and objectives (which are also created as part of the control system). This kind of strategic alignment of objectives creates synergistic power in an organization.
COSO certainly fits our philosophy of control systems – where control isn’t only about preventing fraud and complying with regulations. Control is about having the philosophy and tools in place to be effective and efficient: and that is about doing things a little better tomorrow, next week, next month, and next year.
Download a free procedure from the finance manual right now with no obligation. You will get the entire table of contents and one actual policy and procedure set from the manual. Or, if you are ready to buy now, place your order using our secure server and you’ll be able to download immediately. With our money-back guarantee, your purchase is risk-free!