Sarbanes Oxley Internal Controls
Internal control involves everything that controls risks to an organization. In accounting and auditing, internal control is a process for assuring achievement of an organization’s objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.
Internal control plays an essential role in spotting and preventing fraud and protecting organization’s both physical and intangible resources. It is a means by which resources of an organization are directed, monitored and measured. Apart from preventing fraud and complying with laws and regulations, an important aspect of internal controls is to systematically improve businesses in regard to effectiveness and efficiency.
Also referred to as operational controls, internal control is a key element of the Foreign Corrupt Practices Act (FCPA) of 1977 and the sarbanes oxley certification Act of 2002, which required improvements in internal control in United States public corporations. Under the Sarbanes-Oxley Act, companies are required to perform a Business Fraud Certification risk assessment and assess related controls. This normally includes identifying series of events in which loss, theft or fraud could occur and discovering if the existing control procedures manage the risk to an acceptable level effectively. The risk of manipulating financial reporting by senior management is also a key area of focus in fraud risk assessment. The AICPA, IIA, and ACFE also sponsored a guide published during 2008 that includes a framework for helping organizations manage their fraud risk.
Internal control accounting systems are the policies and procedures used to ensure accuracy and reliability across accounting reports to:
Prevent fraud and control risk
Proactively identify financial issues
Protect resources (both tangible and intangible) from theft and waste
Operate efficiently and measure progress towards business objectives and goals.
Generate timely, reliable reporting
Comply with applicable laws and regulations
Secure outside funding
Reassure investors
Controls can either be preventative, deterring fraud and mistakes, or detective, identifying issues after they have happened. Working together they can remedy existing problems and help to avoid future ones to strengthen ongoing business activities.
Common types of internal control certification include:
Separation of Duties
A basic control system to ensure that the people responsible for financial reporting are separate from the people tasked with making cash deposits and purchases is by assigning specific duties to each employee that divide accounting responsibilities. Because fraud can occur at any level of an organization, separation of duties is crucial at not just the top, among executive leadership, but at every step of the organizational hierarchy.
Access Controls
An important and easy to implement control that safeguards data and physical assets by setting permission levels and control access to different parts of an accounting system via passwords and electronic access logs to keep unauthorized users out of the system is access control. This provides a way to audit the usage of the system to identify the source of errors or discrepancies.
Approvals
Authorizing a manager to approve certain transactions and make purchase decisions is an internal control system that prevents unnecessary expenses at every level to minimize waste and reduce incidence of fraud. In larger organizations required approvals may follow a hierarchy requiring multiple layers of agreement being finalized.
Physical Audits of Assets
The most widely used internal accounting control is auditing. Financial audits like cash reconciliations are performed regularly to verify that actual balances match accounting balances. Differences can be analyzed and investigated, where necessary, to result in accurate financial reports. Physical audit of assets is also necessary to be performed daily, monthly, quarterly or annually depending on the asset being audited. Additionally, utilizing surprise or random cash counts, for instance, helps to keep employees honest and focused on performing work meticulously.
Templates
Using standard documents formats, used for financial transactions, such as invoices, Internal controls certification materials requests, inventory receipts and travel expense reports, can help to maintain consistency in record keeping over time.
Trial Balances
Trial balances should be used in conjunction with double-entry accounting to ensure that records are always balanced in order to mitigate errors and frauds that may still exist in a double-entry accounting system. Calculating trial balances on daily or weekly can provide regular insight into the state of the system, allowing to discover and probe discrepancies early on.
Data Backups
Backing up computer files to the cloud safeguards data from loss when computers become corrupted or servers fail. Data backups are one of the most important internal accounting control systems. Loss of financial inputs, past reports and important data or failure in technology can delay reporting and impairing essential accounting functions.
Unless employees are well equipped and trained to act when they notice any suspicious activity or risk, implementing the proper accounting controls is worthless. An organization must create policies to educate its employees on all levels on how to respond if an issue arises, or in case of a malicious activity, they can tell to and what response to expect. Anonymity of employees needs to be protected after doing so.














