Printer Friendly

Integrating concepts of internal control.

The members of the Advisory Council for the newly released exposure draft, "Internal Control: Integrated Framework," discuss why the project is important to them, to their professions, and to their companies.

Help is on the way for companies wanting to evaluate and improve their internal control systems. Earlier this month, the committee of organizations sponsoring the Treadway Commission (the National Commission on Fraudulent Financial Reporting) released an exposure draft reporting the findings of a year-and-a-half-long study on internal controls.

The project actually dates back to 1987, when the Treadway Commission requested that its sponsoring organizations-the American Accounting Association, American Institute of Certified Public Accountants, Financial Executives Institute, Institute of Internal Auditors, and National Association of Accountants-work together to integrate the many concepts of internal control used in accounting literature and in practice, and to develop a framework to help companies improve their internal control systems.

In 1989, the Committee of Sponsoring Organizations (COSO) charged Financial Executives Research Foundation with the responsibility for conducting a study that would meet the Treadway Commission's recommendations. FERF engaged Coopers & Lybrand to perform the study. In recognition of the importance of the project and of the need to assure application of the framework throughout the entire business community, COSO decided to submit the final report to a three-month exposure process.

To learn more about the project and what COSO expects the exposure draft to accomplish, Financial Executive spoke with those who know it best-the members of the project's Advisory Council, who represent the five sponsoring organizations.

We began by asking the corporate members of the Advisory Council what are the most important objectives of their companies' internal control systems. They agreed on some basic points: that internal control systems, in the words of John Stewart, "provide reasonable assurance that transactions are executed in accordance with management's authorization and objectives, and that they are appropriately recorded for preparation of financial statements in conformity with generally accepted accounting principles." Stewart went on to say that, "Explicit in IBM's objectives is the commitment to conduct our business in conformity with relevant laws and regulations and with principles of ethical conduct."

Roger Carolus puts a somewhat different emphasis on how his company views its internal control systems: "Our objectives are to make certain that the company's resources, including its people and reputation, are adequately protected; that employees' actions are in compliance with company policies, plans, systems, and standards, and the laws and regulations of the land; that financial, operating, and managerial information is accurate, reliable, and timely; that company resources are acquired economically and used profitably and cost-effectively; and that our organizational goals and objectives are achieved."

Gaylen Larson points out the primary objective of internal controls in his company, which has a "complex, decentralized organizational structure tied together by strong centralized accountability and control processes," is to make certain that operating controls are efficient and effective. "Our ongoing reviews of control processes are custom-tailored to each business activity," he says. "Internal and external financial and regulatory reporting are but just one element of these reviews."

How will companies use the integrated framework?

Obviously, the companies that will derive the greatest benefit from the integrated framework are those that do not now have effective internal controls or that have struggled with developing cost-effective, efficient operating controls. But even those companies that already have carefully designed and closely monitored systems will recognize the value of measuring their systems against integrated concepts and criteria.

According to Gaylen Larson, the primary benefit of the integrated framework is the creation of standardized benchmarks to help his company, and others, measure the adequacy of its controls and to strengthen support for its internal and external control representations.

John Stewart addresses the importance of internal control in a rapidly changing business environment: "The dynamic environment in which we conduct business requires continuing evaluation of our systems to ensure that today's controls are appropriate for tomorrow's needs. Risk assessment and change management, two issues that are addressed in the exposure draft, are particularly important, given the emphasis these days on market-driven quality and on the structural changes necessary to encourage creativity and initiative and to enhance competitiveness. But that means increasing the delegation of authority. Empowerment can mean risk."

Another benefit, according to Roger Carolus, is education: "I believe the concepts outlined in the report will be used to educate those managers and directors who may not fully understand the underlying concepts of controlling an organization and achieving its objectives, for which they are accountable."

We asked Vincent O'Reilly what Coopers & Lybrand learned about the effectiveness of present internal control systems during the course of the study, and about how companies can improve their systems using the guidance provided in the exposure draft. He explained that, like the members of the Advisory Council, most corporate executives Coopers & Lybrand contacted feel they are in control of their business and that their internal control systems are effective. But it is very clear there is no consistency in how companies assess the effectiveness of their control systems. According to O'Reilly, the study has made very apparent the need for internal control guidance and specifically for common criteria to assess internal control effectiveness.

On what companies can do to improve their systems, O'Reilly says: "While each of the nine interrelated components specified in the exposure draft are essential and should be in place, some components-integrity, ethical values and competence, the control environment, establishing objectives, communications, and managing change-are more important in preventing failures and surprises. Companies should give these components closer scrutiny. The exposure draft highlights the importance of these components, and we hope that all interested parties will focus on these areas during the public exposure process."

Good controls are good business

What will companies learn by reexamining the effectiveness of their internal control system using the guidance provided in the exposure draft? The corporate members of the Advisory Council are unanimous: greater effectiveness and greater efficiency.

Perry Colwell emphasizes how the guidance will help his company compete: "We operate in a fiercely competitive environment, and I believe good controls are good business. Reexamining the effectiveness of our internal control system helps to ensure that company objectives are understood and policies are carried out. In this and many other ways, it will enhance our overall business effectiveness."

John Stewart, on the other hand, focuses on the effect it will have on individual managers: "The most useful lesson we will learn will be which of our managers are `the best of the breed,' how they got to be that way, and what processes they use to maintain their effectiveness. Competent people are essential to effective control, and a comprehensive program to educate and train employees and management is paramount. The control environment differs by industry and by company size, but if the integrated framework gains broad acceptance, we'll all benefit for years to come from the focus this project puts on control structures."

Roger Carolus talks about risk: "The framework and guidance will help our managers identify and evaluate exposures to risk that would result in loss or failure of their mission and help them establish a cost-effective control process to reduce or mitigate those exposures. It will also help them assess what is an acceptable level of risk."

The effect on the accounting profession

When we asked the members of the Advisory Council how the integrated framework will affect internal and public accounting, their responses reflected the views of the organizations they represent. Here are their answers:

SIERS: The report takes the position that internal control is, in essence, management control. This position reinforces the role of the internal accountant as an important member of the management team. At issue here is the willingness of internal accountants to use the definition of internal control provided in the report to improve the quality of internal operational accounting and management reporting.

LANDSITTEL: A significant benefit of this project to the public accounting profession will be the development of a common understanding among auditors, their clients, the regulators, and others as to what constitutes an effective system of controls. We all need to be singing out of the same hymnal. So, for the public accounting profession, the principal concern is that the exposure draft identify the right attributes of an effective system and spell them out with enough specificity.

O'REILLY: The guidance materials will help the independent public accountant plan a financial statement audit in accordance with generally accepted auditing standards (GAAS). Under existing GAAS, independent accountants are required to obtain an understanding of the internal control structure and assess control risk in planning the audit. This knowledge is used to determine the nature, timing, and extent of audit testing, which may or may not include tests of internal control. The accountant can use the guidance materials to obtain a more in-depth understanding of a client's internal control structure, which will assist in planning the appropriate audit strategy.

IHLANFELDT: I agree that internal control probably means different things to all the people discussing it, writing about it, and drafting legislation about it. I suspect that there are many situations in which a company's management and its external auditor do not even agree on their definitions of what makes up the company's system of internal controls.

Why the exposure process?

The purpose of the exposure process is to gain widespread support for the integrated framework and guidance. in the words of Howard Siers, "The objectives of the project are to help managements control their organization's activities and, for the first time, integrate internal control concepts into a framework acceptable to all constituencies. The accounting profession's endorsement of the internal control framework is critical to the success of the project. Our objective can be achieved only if all entities, large and small, use the framework to conduct an ongoing assessment of the quality and effectiveness of their internal control systems. This is what we hope the exposure process will achieve.

"The exposure draft emphasizes the importance of competent people, integrity, ethical values, and the control environment as a foundation for the other components. Can the nine components of internal control identified in the exposure draft be reduced to these four? Perhaps, but we feel that by identifying all nine, companies will be encouraged to give the right amount of attention to each of these areas.

"But are the nine components the `right' components? Are any important elements missing? And, most important, can management, and particularly the internal accountant, use these nine components effectively in evaluating the effectiveness of their internal controls? Does the number of components aid or hinder the evaluation process?

"We will find the answers to these questions only if companies are willing to take the time to evaluate their internal control systems using the integrated framework as a guide. This hands-on experience will help all of us determine if the proposed framework will accomplish its objectives."

According to John Stewart, "Hundreds of people from professions have contributed to this project. All their effort will be for naught if we don't achieve broad-based consensus and support for the integrated framework. I expect the exposure process to add to the quality of the guidance, which in turn will increase the base of support. And I have high hopes that the integrated framework will eventually result in U.S. business enterprises being more competitive."

Gaylen Larson adds that the purpose of the exposure process is to increase the likelihood that COSO's ultimate recommendations will be practical and viable. "It is especially important," Larson continues, "that the concepts be useful to a broad spectrum of enterprises-profit and not-for-profit; domestic and global; large and small; regulated and unregulated; manufacturing and service."

Academic accountants have a different perspective on the project, according to Andrew Bailey. "As academics, we look at things in a more abstract, conceptual way than do practitioners, and we tend toward solutions that are conceptually sound and that are based on the best results of past practice and research. We are sometimes less than sympathetic to the political processes of problem-solving often necessary to create a generally accepted 'solution' for practice.

"So, as I see it, the most significant contribution academic accountants can make to the internal control project is to analyze every explicit and implicit assumption in the integrated framework, identify and suggest corrections for any inconsistencies, and propose new structures and test them in a variety of settings. The best of all this effort will contribute to the strengthening of the framework in the future. While my comments may sound to many practitioners as less than supportive, this is the role that we as academics can play most effectively in the process of improving the practice of accounting and auditing.

"I'd like to add that I think the internal control project is of particular significance at this time because of the perception, and no doubt in some instances the fact, that poor internal controls contributed to significant losses and perhaps to the failure of business enterprises. While it is unlikely that internal controls alone would have prevented these failures, they may have prevented some and reduced the impact of others."

What about public reporting by company management?

Some believe that the exposure draft places too much emphasis on public reporting. The views of the Advisory Council members are clear: public reporting must be addressed. Here are their comments:

COLWELL: Public reporting on internal controls is a major public issue. Many legislators and regulators have a perception that such reporting is necessary to address problems such as the savings and loan crisis and business failures. Regardless of whether one agrees with this perception, any work intended to provide integrated guidance to business and the accounting profession on internal controls needs to discuss the public reporting issue head-on, even though it is controversial. Personally, I believe management has the obligation to state publicly its responsibility for the financial statements and the systems of internal controls that assures the integrity of those statements.

LANDSITTEL: There has been a growing recognition of the importance of good systems of internal control, and investors are becoming more interested in determining that effective systems are being maintained. it is not enough to arm management with guidance explaining what is needed to have effective controls. The project must also provide follow-on guidance on how best to communicate the status and findings to the investing public.

CAROLUS: The chapter on public reporting closes the loop, so to speak, between a basic concern of the Treadway Commission (dealing with fraudulent financial reporting) and the material developed by this project. External financial reporting does need to be controlled, and the concerns of the regulators and legislators do need to be addressed. This is the place for it.
COPYRIGHT 1991 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Financial Executive
Date:Mar 1, 1991
Previous Article:Your retiree health benefits plan: good design, safe funding.
Next Article:Outdoor training: can you afford teamwork?

Related Articles
Reporting on internal control: the SEC's proposed rules; implementation will bring substantial changes in reporting and auditing.
What the Treadway Commission's Internal Control Study means to you.
Can honesty be legislated?
Does the COSO report pass muster?
Reader calls for alternatives to POB report.
Reaching consensus: the GAO's acceptance of the COSO report.
Internal control matters...again: Motorola's senior vice president and controller tells Financial Executives Research Foundation (FERF) how "COSO"...
Evaluating internal controls and auditor independence under Sarbanes-Oxley.
Section 404 opens a door: the requirement to evaluate a company's internal controls has created a service niche.
Theory to practice: continuous auditing gains.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters