Internal control system: How is your accountability?
In COSO’s updated Internal Control – Integrated Framework, one of the 17 principles they present is that the organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Have you considered how your control system enforces accountability?
Internal control is a process put in place by the board of directors, senior management and all levels of personnel to provide reasonable assurance that the company’s objectives will be achieved. Internal control includes all measures and practices that are used to mitigate exposures to risks that could potentially prevent the company from achieving its objectives. Internal control is not solely a procedure or policy that is performed at a certain point in time, but rather it is continually operating at all levels within an organization. Given this, you can understand how important accountability is to functioning controls.
Consider these “Points of Focus” from COSO’s study:
- Enforces accountability through structures, authorities and responsibilities: Management and the board of directors establish the mechanisms to communicate and hold individuals accountable for performance of internal control responsibilities across the organization and implement corrective action as necessary.
- Establishes performance measures, incentives and rewards: Management and the board of directors establish performance measures, incentives and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and longer-term objectives.
- Evaluates performance measures, incentives and rewards for ongoing relevance: Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives.
- Considers excessive pressures: Management and the board of directors evaluate and adjust pressures associated with the achievement of objectives as they assign responsibilities, develop performance measures and evaluate performance.
- Evaluates performance and rewards or disciplines individuals: Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence and provide rewards or exercise disciplinary action as appropriate.
How does your company measure up? Any problems in this area require attention by the board of directors and the president or CEO. Internal control truly starts at the top.