CHAPTER 1: INTERNAL CONTROLS
1.3 Control Environment
A strong control environment is one of the key foundational elements of a good internal control system. Characteristics of the control environment include the integrity, ethics, values, and competence of the personnel. Management will set the tone—good or bad— and can create a strong control environment by providing structure and discipline, as well as by conducting themselves accordingly, with integrity. In essence, the company’s management philosophy, operating style, and accountability will determine the control environment. Since the creation of the control environment must consider the personal traits of individuals, some organizations communicate management expectations through a written code of ethics, which employees must sign. One necessary (personal) commitment is to make sure that policies and procedures (P&P) are not overridden. This is a key ingredient to the control environment. If P&P are overridden on a regular basis, it jeopardizes the control environment. Another important element of the control environment is independent oversight, such as by an independent board of directors or independent audit committee. This is also a SOX requirement, and though not required for privately held organizations, is worth adoption by all organizations seeking to implement best practices in governance and stewardship of assets. A well-defined organizational structure is an important component of a control environment. It provides a clear line of authority, accountability, and responsibility. Moreover, it helps determine how to properly segregate (separate) duties within an organization. Separating certain duties within the organization helps avoid a situation in which, if those duties were combined, there would be potential for irregularities, errors, and fraud. Job descriptions should include lines of authority, authorization limits, and a guide for escalation of issues—with periodic employee reviews of compliance.
1.4 Risk Assessment
Risk assessment is the analysis and identification of internal and external risks affecting the achievement of the organization’s objectives, from which a plan can be created to manage the risks. The assessment includes determining the significance of the risk, the likelihood of the risk occurring, and the actions required to mitigate it. Risks can come in the form of general market risk, such as an economic recession, government instability, or changes in regulations. For instance, if a new regulation is implemented affecting trade among countries, it could have an impact on an organization’s sales and collections of cash. Risk also occurs from within an organization. This can result from investing in a new product or market in order to gain market share. The CMO can challenge the sales team with promotions and terms in order to “get the sale,” while the CFO can enable the credit management team to take more risk when opening lines of credit. Depending on how much of a “financial bet” is being invested, this can put the organization’s financial health at risk.
15
THE ACCOUNTS RECEIVABLE SPECIALIST CERTIFICATION PROGRAM E-TEXTBOOK
Made with FlippingBook - Online catalogs