CHAPTER 1: INTERNAL CONTROLS
Examples of risk-assessment steps to help review and identify potential areas of concern include:
1. Assign groups or individuals to specifically address internal and external risk factors. 2. Create a communication process that ensures the appropriate level of management is aware of significant risks to the organization. 3. Perform periodic internal or external reviews of your processes used for risk assessment. 4. Implement processes to ensure that all functions of the accounting department are made aware of significant operating or regulatory changes in order to determine the impact on the organization’s accounting practices.
Risk assessment should cover several areas:
1. Control environment (including management behavior, enforcement, and override environment); 2. Department-specific risk (segregation of duties, accuracy of data, and prevention irregularities through access restrictions and compliance with federal/state regulations); 3. Data and information (data access, reporting of internal and external data, timeliness of data reporting, and accuracy of data); 4. Control activity (ensuring that control directives are carried out, preventing over- ride of internal controls, and implementing planning and budgeting controls); and 5. Monitoring (determining whether controls are functioning as established, ongoing quality review, and establishing company assets safeguards).
1.5 Control Activities
Control activities are the specific set of procedures and policies required by management to achieve the organization’s objectives. It is important to remember that internal controls are: 1. A set of processes and procedures; 2. Designed and implemented by management and the organization’s employees; 3. Not an absolute assurance, but a reasonable assurance; and 4. Focused on achieving the organization’s objectives.
There are three main kinds of controls:
1. Preventive —designed to prevent irregularities and errors; 2. Detective —aimed at finding irregularities or errors that have already occurred; and 3. Corrective —changes are made to P&Ps to correct for problems that have occurred. Most organizations use the detective method, whereby errors that occur are generally identified by the customer, researched, and fixed. This can reflect the following attitude: “We don’t have time to do it right, but we have time to do it over.”
16
THE ACCOUNTS RECEIVABLE SPECIALIST CERTIFICATION PROGRAM E-TEXTBOOK
Made with FlippingBook - Online catalogs