Welcome to CCI Magazine_March
An internal control is a process of interlocking activities that use properly designed policies and procedures .
control. It is as follows. “A process of interlocking
dismay, most people can’t. Before I give you Marks’
of internal controls to the door of some weak business process like İÕĆõÕê�ŖĔİăÕİĴ�²õİʴÑİĔĭĭõčë�ĴŁĭĭĆõÕĴ� onto a suffering population. That’s not what really happens, however. What really happens is that we adjust the weak business process to (ideally) make it stronger. If the process is particularly bad — one might even call it materially weak — we make multiple adjustments at once. That’s what Marks captures in his ĔĭÕčõčë�ĆõčÕʝ��č�õčļÕİč²Ć�ËĔčļİĔĆ�õĴ�²� process rather than a thing, and the raw materials the process uses are policies and procedures. The mission of the audit or compliance executive is to see that those raw materials are properly designed so that they work together effectively and the internal ËĔčļİĔĆ�ļñÕč�êŁĆţĆĆĴ�õļĴ�ČõĴĴõĔčʣ ǵƉŧǠхŘƺưǵǠƺƥхşŧɭưƎǵƎƺưǨ \²İăĴʿ�ÑÕţčõļõĔč�Ĕê�õčļÕİč²Ć� control didn’t emerge from a vacuum. The COSO framework for internal control and federal securities law have their own ÑÕţčõļõĔčĴʞ�ļĔĔʨ�²čÑ�ļñĔĴÕ� ÑÕţčõļõĔčĴ�ĆĔčë�ĭİÕËÕ ded Marks. For example, Section 13(b)(2)(B) of the Exchange Act �ÑÕţčÕĴ�êĔİ� ÕĆÕČÕčļĴ�Ĕê�õčļÕİč²Ć�ËĔčļİĔĆʝ • System of internal accounting
ÑÕţčõļõĔčʞ�ĆÕļ�ČÕ� offer what raced through my head when he put the įŁÕĴļõĔč�ļĔ�ČÕʝ��č�õčļÕİč²Ć�ËĔčļİĔĆ� is something a company uses that’s intended to reduce the chance of an unwanted risk outcome. E�ÑÕĆõÊÕݲļÕĆŘ�ăÕĭļ�ČŘ�ÑÕţčõļõĔč� broad, because a control can take Č²čŘ�êĔİČĴʝ�²�ĴĔêļŖ²İÕ�İĔŁļõčÕ�ļñ²ļ� blocks a payment to unapproved ĭ²İļõÕĴʨ�²�ĭĔĆõËŘ�ʰŖõļñ�ËÕİļõţ˲ļõĔč� required) against bribing foreign ëĔŕÕİčČÕčļ�ĔêţËõ²ĆĴʨ�²�ĴĭÕÕËñ�êİĔČ� ļñÕ��&c�²ĴĴŁİõčë� employees that it’s better to miss your monthly Ĵ²ĆÕĴ�įŁĔļ²�ļñ²č�ţŗ�²�ËĔčļݲËļʣ Those examples are all different in form and substance — but controls they all are. In sequence, they are a transaction control (block the payment), a process control (train employees) and an entity control (senior executive issues guidance on corporate priorities). They all work together toward the objective of reducing corruption risk. ļõĆĆʞ�ČŘ�ÑÕţčõļõĔč�õĴ�ʲĴÕÑ�Ĕč� examples more than anything else. I know a control when I see it — but is that the same as understanding the abstract concept of a control and how ĔčÕ�ţļĴ�õčļĔ�²�ËĔČĭĆõ²čËÕ�ĭİĔëݲČʤ Enter the Marks şŧɭưƎǵƎƺư Over the years, Marks has êĔİČ²ĆõşÕÑ�ñõĴ�ĔŖč�ÑÕţčõļõĔč�Ĕê�²�
activities that use properly designed policies and procedures which are preventive, corrective, directive, corroborative, along with training and continuous monitoring, to assure the achievement of an organization’s objectives in operational effectiveness and ÕêţËõÕčËŘʞ�ëÕčÕݲļõčë�İÕĆõ²ÊĆÕ� (complete and accurate) books and records in compliance with laws, regulations and policies, which ultimately reduces risk of fraud, waste and abuse.” ñ²ļ�ÑÕţčõļõĔč�õĴ�²�ČĔŁļñêŁĆʞ� but it hits on all the right points, including the most important one right in the top line. An internal control is a process of interlocking activities that use properly designed policies and procedures . The rest is all correct but is more about helping you to understand what a control does. His opening lines explain what an õčļÕİč²Ć�ËĔčļİĔĆ�õĴʝ�EļʿĴ�²�ĭİĔËÕĴĴʣ�Eļ� does something. That might be why people hesitate to ÑÕţčÕ�²�ËĔčļİĔĆʣ�cŁİ� ÊݲõčĴ�ñÕ²İ�ʼÑÕţčÕ�²�ËĔčļİĔĆʽ�²čÑ� instinctively we envision a noun — a thing unto itself. In everyday language, we say sentences like, “This control isn’t working” or “We need stronger internal controls in our accounting process,” as if we could deliver an extra shipment
ËĔčļİĔĆĴ�ĴŁêţËõÕčļ�ļĔ�ĭİĔŕõÑÕ� reasonable assura čËÕĴ�ļñ²ļʝ
• Transactions are executed
with management’s general or
10 | March 2024
Opinion
CCI Magazine
Made with FlippingBook Ebook Creator