What is Internal Control Over Financial Reporting ?
Understanding Internal Control Over Financial Reporting requires a broad understanding of the following:
- Internal Control System,
- corporate goals and objectives – the reasons why businesses are established,
- business operating models and
- factors that can mar or enhance a company’s abilities to achieving the goals and objectives.
Internal Control has been broadly defined differently by many sources. The Wikipedia defines Internal Control as “everything that controls risks to an organization”. (myaccountingcourse.com) defines Internal Control as “a procedure or policy put in place by management to safeguard assets, promote accountability, increase efficiency, and stop fraudulent behavior”. (investopedia.com) defines internal control as “accounting and auditing processes used in a company’s finance department that ensure the integrity of financial reporting and regulatory compliance, and prevent fraud, improve operational efficiency, ensure that budgets are adhered to, policies are followed, capital shortages are identified, and accurate reports are generated for leadership”. The Securities and Exchange Commission, Nigeria Act (ISA) 2007 section 61(3) defines internal control as ” policies, procedures and practices put in place by management to ensure safety of assets, accuracy of financial records and reports, achievement of corporate objectives and compliance with laws and regulations”.
COSO defines Internal Control as “a process, effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance to the stakeholders of the achievement of the organizational goals and objectives. They help to safeguard stakeholders’ investments and corporate assets, and achieve operational efficiencies through improved business performance, increased productivity, cost savings, credible financial and non-financial reporting and compliance to laws and regulations.
For me, an Internal Control system is defined as “a system comprising of policies, procedures, and practices adopted by the business management and approved by the company board to ensure that the negative risks that will impact the day to day business operations and mar the achievement of the corporate goals and objectives are prevented, timely detected and root causes properly addressed while ensuring that the positive risks and success opportunities are maximized for the best interest of the organization”.
Regardless of some differences in the definitions by the different sources, the common theme is that internal controls are essential for the achievement of corporate goals and objectives.
ICRF Exists to Prevent or Mitigate the Risks of Missing the Achievement of Corporate Reporting Goals and Objectives.
Businesses are established to achieve specific goals and objectives, and there are numerous goals and objectives a business can achieve. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has classified the business goals and Objectives into four, namely:
- Strategic goals and objectives,
- Operational goals and objectives,
- Reporting goals and objectives, and
- Compliance goals and objectives.
COSO also, classified the risk events that can prevent or enhance the achievement of the business goals and objectives as Strategic risks, Operational risks, Reporting risks and Compliance risks. Negative risks mar the achievement of the corporate goals and objectives while positive risks enhance the opportunities for the achievement of the corporate goals and objectives. Producing accurate, timely and helpful Financial Reports which include the Financial Statements is part of Reporting Objectives and Producing inaccurate or untimely financial reports is part of reporting risks that can mar the reporting objectives. Presented in figure 1 below is a brief description of the COSO perspectives of the corporate goals and objectives and some examples of the risk factors that can negatively impact the achievement of the corporate goals and objectives.
It is important to note that there are several risk management standards that have their own unique risk categorization that may be different from that of COSO framework perspectives. Examples: The BASEL Framework classified the risks for banks to be Market Risks, Credit Risks, Capital Risks and Operational Risks. The Solvency Framework for the insurance business has classified the insurance risks to include Market Risks, Credit Risks, Liquidity Risks, Operational Risks and Underwriting risks. Regardless of the differences in the risk classifications, they all agree that goals and objectives are key in every business and that negative risks are the key reasons why the achievement of the corporate goals and objectives may be seriously impacted.
Thank you for this insightful post. And thanks for creating awareness as some companies are not even aware of the the immense benefits of ICFR
Thank you for free lecture.