A primary responsibility of the audit committee is to oversee the integrity of the company’s internal controls over financial reporting.
However, since audit committee members are not involved in operations, they feel that they do not fully understand the internal controls that are in place. As a result, many committee members feel uneasy about overseeing internal controls, and end up relying on the report from the financial statement auditors to make them feel comfortable that internal controls are in good shape.
The scope of the financial statement audit includes a great deal of testing on the numbers in the annual financial statements and only a little bit of testing on internal controls. Additionally, financial statement audits are not designed to detect fraud. Thinking about the process this way illuminates the flawed logic that allows committee members to feel comfortable about internal controls solely on the basis of a good financial statement audit report.
Many organizations have solved this dilemma by implementing an audit of internal controls. Public companies subject to the Sarbanes Oxley Act are required to obtain both types of audits – financial statement and internal controls. However, even though nonprofits are not required to follow this law, some go the extra step and obtain an internal control audit so that their committee members feel more comfortable about their oversight responsibility with respect to internal controls.
Internal Control Services
Reporting on internal control can range from a formal opinion on an entity’s entire control system to management letters detailing suggestions for improvements in specific control activities. The following are examples of services relating to internal control that we provide.
Opinion on the design of controls
Opinion about the effectiveness of internal control
Report on the internal controls of a service organization
Report on internal control in connection with an audit of an entity receiving government funds under the Yellow Book
Communication of recommendations regarding the design of internal controls
In an effective internal control system, the following five components of internal control and all relevant principles must be present and functioning.
Control Environment is the tone at the top. The control environment refers to the policies and procedures in place to communicate the codes of conduct and ethical behavior.
Risk Assessment is the processes in place to identify and assess the risks to the operation in achieving its objectives.
Control Activities are the actions established by the policies and procedures to help management mitigate the risks identified during the risk assessment process.
Information and Communication determines how the control responsibilities are communicated to the organization and how financial reporting is reported.
Monitoring Activities are ongoing evaluations to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, are present and functioning.
A gift acceptance policy is a necessary component of internal control for any organization operating within a philanthropic environment. Having such a policy in place enables an organization to provide [...]
Management is responsible for establishing and maintaining internal controls to prevent and detect material misstatements of the financial statements. However, the responsibility for the oversight of internal controls ultimately rests [...]
By: Jacqueline Bryant, CPA, Partner, Outsourced Services The volume of Automated Clearing House (ACH) and Electronic Funds Transfer (EFT) payments has increased tremendously over the last several years. The trend towards [...]
By: Doug Boedeker, CPA, CMA, Partner One of the top priorities for a not-for-profit organization's (NFP's) Chief Executive Officer (CEO) is the proper stewardship of the NFP's assets. Stories of fraud, [...]