Академический Документы
Профессиональный Документы
Культура Документы
Internal controls perform three important functions: 1) Preventive controls deter problems before they arise. Examples include hiring qualified personnel, segregating duties, and controlling physical access to assets and information. 2) Detective controls discover problems that are not prevented. Examples include duplicate checking of calculations and preparing bank reconciliations and monthly trial balances. 3) Corrective controls identify and correct problems as well as correct and recover from the errors, and resubmitting transactions for subsequent processing. Internal controls are often segregated into two categories: 1) General controls make sure an organizations control environment is stable and well managed. Examples include security; IT infrastructure; and software acquisition, development, and maintenance controls. 2) Application controls make sure transactions are processed correctly. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported. Four levels of control to help management reconcile the conflict between creativity and controls (by Robert Simons): 1) A belief system describes how the company creates value, helps employees understand managements vision, communicates company core values, and inspires employees to live by those values. 2) A boundary system helps employees act ethically by setting boundaries on employee behavior. Employees are not told exactly what to do. Instead, they are encouraged to creatively solve problems and meet customer needs while meeting minimum performance standards, shunning off-limit activities, and avoiding actions that might damage their reputation. 3) A diagnostic control system measures, monitors, and compares actual company progress to budgets and performance goals. Feedback helps management adjust and fine-tune inputs and processes so future outputs more closely match goals. 4) An interactive control system helps managers to focus subordinates attention on key strategic issues and to be more involved in their decisions. Interactive system data are interpreted and discussed in face-to-face meetings of superiors, subordinates, and peers.
After SOX was passed, the SEC mandated that management must: - Base its evaluation on a recognized control framework. - Disclose all material internal control weaknesses. - Conclude that a company does not have effective financial reporting internal controls if there are material weaknesses.