According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct, or other policy violations or illegal actions. Each major entity in corporate governance has a particular role to play:
Chief executive officer (CEO): The CEO has ultimate responsibility and ownership of the internal control system. The individual in this role sets the tone at the top that affects the integrity and ethics and other factors that create the positive control environment needed for the internal control system to thrive. Aside from setting the tone at the top, much of the day-to-day operation of the control system is delegated to other senior managers in the company, under the leadership of the CEO.
Chief financial officer (CFO): Much of the internal control structure flows through the accounting and finance area of the organization under the leadership of the CFO. In particular, controls over financial reporting fall within the domain of the chief financial officer. The audit committee should use interactions with the CFO, and others, as a basis for their comfort level on the internal control over financial reporting.
This is not intended to suggest that the CFO must provide the audit committee with a level of assurance regarding the system of internal control over financial reporting. Rather, through interactions with the CFO and others, the audit committee should get a gut feeling about the completeness, accuracy, validity, and maintenance of the system of internal control over financial reporting.
Controller/director of accounting or finance: Much of the basics of the control system come under the domain of this position. It is key that the controller understands the need for the internal control system, is committed to the system, and communicates the importance of the system to all people in the accounting organization. Further, the controller must demonstrate respect for the system though his or her actions.
Internal audit: A main role for the internal audit team is to evaluate the effectiveness of the internal control system and contribute to its ongoing effectiveness. With the internal audit team reporting directly to the audit committee of the board of directors and/or the most senior levels of management, it is often this function that plays a significant role in monitoring the internal control system. It is important to note that many not-for-profits are not large enough to employ an internal audit team. Each organization should assess the need for this team, and employ one as necessary.
Board of director/audit committee: A strong, active board is necessary. This is particularly important when the organization is controlled by an executive or management team with tight reins over the organization and the people within the organization. The board should recognize that its scope of oversight of the internal control system applies to all the three major areas of control: over operations, over compliance with laws and regulations, and over financial reporting. The audit committee is the board's first line of defense with respect to the system of internal control over financial reporting. All other personnel: The internal control system is only as effective as the employees throughout the organization that must comply with it. Employees throughout the organization should understand their role in internal control and the importance of supporting the system through their own actions and encouraging respect for the system by their colleagues throughout the organization.
Chief executive officer (CEO): The CEO has ultimate responsibility and ownership of the internal control system. The individual in this role sets the tone at the top that affects the integrity and ethics and other factors that create the positive control environment needed for the internal control system to thrive. Aside from setting the tone at the top, much of the day-to-day operation of the control system is delegated to other senior managers in the company, under the leadership of the CEO.
Chief financial officer (CFO): Much of the internal control structure flows through the accounting and finance area of the organization under the leadership of the CFO. In particular, controls over financial reporting fall within the domain of the chief financial officer. The audit committee should use interactions with the CFO, and others, as a basis for their comfort level on the internal control over financial reporting.
This is not intended to suggest that the CFO must provide the audit committee with a level of assurance regarding the system of internal control over financial reporting. Rather, through interactions with the CFO and others, the audit committee should get a gut feeling about the completeness, accuracy, validity, and maintenance of the system of internal control over financial reporting.
Controller/director of accounting or finance: Much of the basics of the control system come under the domain of this position. It is key that the controller understands the need for the internal control system, is committed to the system, and communicates the importance of the system to all people in the accounting organization. Further, the controller must demonstrate respect for the system though his or her actions.
Internal audit: A main role for the internal audit team is to evaluate the effectiveness of the internal control system and contribute to its ongoing effectiveness. With the internal audit team reporting directly to the audit committee of the board of directors and/or the most senior levels of management, it is often this function that plays a significant role in monitoring the internal control system. It is important to note that many not-for-profits are not large enough to employ an internal audit team. Each organization should assess the need for this team, and employ one as necessary.
Board of director/audit committee: A strong, active board is necessary. This is particularly important when the organization is controlled by an executive or management team with tight reins over the organization and the people within the organization. The board should recognize that its scope of oversight of the internal control system applies to all the three major areas of control: over operations, over compliance with laws and regulations, and over financial reporting. The audit committee is the board's first line of defense with respect to the system of internal control over financial reporting. All other personnel: The internal control system is only as effective as the employees throughout the organization that must comply with it. Employees throughout the organization should understand their role in internal control and the importance of supporting the system through their own actions and encouraging respect for the system by their colleagues throughout the organization.
No comments:
Post a Comment