Internal control according to cost

Internal control is defined differently and, therefore, an attempt has been made to collect in a single definition the different common elements that allow reaching consensus on the matter.

Of these efforts, the most successful and internationally recognized has been COSO, although there are other alternatives among which COCO (Canada) stands out.

COSO defines internal control as a process, executed by the entity's board of directors, senior management, and other personnel, designed to provide reasonable assurance regarding the achievement of the organization's objectives.

Such objectives are: effectiveness and efficiency of operations; Reliability of the financial information; compliance with regulations and obligations; and safeguarding of assets.

The internal control process separates it into five components: control environment, risk assessment; control activities; Information and communication; and monitoring.

COCO is basically quite similar, although it has a different emphasis. It addresses control in a broader sense and is people-centered, thereby emphasizing self-control and self-evaluation.

Internal Control means different things to different people. This causes confusion among business people, legislators, regulators and others. Resulting in poor communications and different perspectives, which causes problems. Such problems intermingle when the term, if not clearly defined, is written in laws, regulations or rules.

The following table summarizes the bases that COSO used to explain this problem and find a definition that is based on common elements.

Basis of analysis of differences on the understanding of Internal Control

1. Many groups use the term "internal control", but it does not mean the same thing. Each group has created different terms and definitions, which are used in the practice of Internal Control.

2. The variety of meanings implies common understanding.

3. It is useful to review the knowledge of the words “control” and “internal”, and then consider the perspectives of the different parties.

4. Existing definitions include: restrictive or directive influence; authority to administer or guide; administration, regulation and coordination of business activities; and a mechanism used to regulate or guide the operation of a system.

Those differences can be grouped into different perspectives, generally associated with specific interests.

The following table summarizes four different perspectives.

Different perspectives on Internal Control.

Administration:

• Your responsibility is to develop the entity's objectives and strategies, to direct its resources to achieve the objectives.

• It meets a wide spectrum, including policies, procedures, and actions to help ensure that an entity meets its objectives.

• Internal controls allow you to take appropriate action when conditions change.

• Internal control helps ensure that you meet your environmental, social and legal responsibilities.

Internal auditors:

• The Institute Of Internal Auditors (IIA) defines internal control as any action taken by management to increase the likelihood that stated objectives and goals will be achieved, as a result of proper planning, organization, and direction.

Independent Auditors:

• They have focused their perspective of internal control on those aspects that support or affect the entity's external financial information.

Legislators and Regulators:

• They have developed different definitions of internal control according to their responsibilities.

• These definitions relate to the types of activities monitored, and may encompass the achievement of the entity's goals and objectives, information requirements, use of resources in compliance with laws and regulations, and the safeguarding of resources against waste, loss and embezzlement.

Additionally, other elements are included that complement the aforementioned perspectives.

1) Professional: One of the first known studies on Internal Control was published in the United States in 1949, under the title “Internal Control. Elements of the coordinated system and their importance for the administration and for the independent public accountant ”.

It contains the first definition that the accounting profession made about Internal control and specifies it as follows:

" Internal Control comprises the organization's plan and all the coordinated methods and measures adopted in a business to safeguard its assets, verify the accuracy and reliability of its accounting data, promote operational efficiency and promote adherence to policies prescribed ”.

For a long time this was the accepted definition of internal control, although a later definition developed by AICPA divided internal control into two components:

a) Administrative Control: Includes the organization's plan and the procedures and records related to the decision processes that refer to the authorization of transactions by the administration.

b) Accounting Control: Includes the organization's plan and the procedures and records related to the safeguarding of assets and the reliability of the financial statements, designed to provide reasonable assurance that:

• Transactions are executed in accordance with general or specific authorizations given by management.

• They are recorded as necessary to allow the preparation of financial statements in accordance with financial reporting standards.

• Access to assets is allowed only in accordance with authorization given by management.

• The liability recorded for the assets is compared with the existing assets, at reasonable intervals, taking the appropriate actions in relation to any different ones.

This was the classic definition that lasted until the 90's. It was widely accepted and disseminated, with the nuances of each application. However, it caused confusion mainly due to the limitation in its scope (operational level, focused only on the accounting function), which left out many elements.

In addition, there is a parallel definition to the elaborated one, which is somewhat complementary to it. It was prepared by The Institute of Internal Auditors:

" Internal Control are the actions taken by the administration to plan, organize and direct the performance of sufficient actions that provide reasonable assurance that the objectives will be achieved."

The Committee of Sponsoring Organizations of the Treadway commission, widely known as COSO, published its report in 1992 and generated a real revolution in internal control, which is still being assimilated.

Defined internal control as a process, performed by the board, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the organization's objectives.

The following table summarizes the main contributions of COSO in relation to internal control, as presented in the documents on internal control published in 1992 and later amended in 1994.

Main contributions of COSO (1992/94) in relation to Internal Control

1. Elaboration of an integrated conceptual structure, solely of the different concepts and practices, from which the design, implementation and improvement of internal control is carried out, on the one hand and on the other the evaluation and reports related to it.

2. Positioning of internal control at the highest management levels (senior management), strategic direction. With a clear focus on business and not so much on operations.

3. Understanding internal control in terms of systems and concentrated as a process, affected by the board, management, and other personnel, designed to provide reasonable assurance regarding the organization's objectives.

4. Combination of business objectives, internal control components and organizational levels: COSO cube and / or pyramid.

5. The business objectives are:

• Effectiveness and efficiency of operations.

• Reliability of the financial reporting process.

• Compliance with applicable laws and regulations.

• Safeguarding of assets.

Main contributions of COSO (1992/94) in relation to Internal Control

6. The components of internal control are:

• Control environment.

• Risk assessment.

• Control activities.

• Information and communication.

• Monitoring.

7. The organizational levels depend on each economic entity but basically three are different:

• The internal (strategic) control system.

• Organizational subsystems (by departments, business units, etc.).

• Operational processes (flow of operations).

2) Regulatory: While it is true that the leadership of the accounting profession is at the origin of the processes of general acceptance and international standardization, it must be recognized that the entities that bring together international regulators have generated pressure for quality and independence of the issuing organizations, which has led to the practice in practice of such standards-issuing organizations including the participation of other institutions and, mainly, the users of the information.

The following table presents the main aspects of the Basel Committee on internal control (Basle committe on Banking Supervision):

Internal Control in Banking Organizations (start)

Central Aspects of the Internal Control Structure:

• Analysis of the problem.

• Definition.

• Goals.

• Elements.

Importance and Scope:

• Critical component of bank administration and for safe and solid operation.

• Helps ensure the achievement of objectives and compliance with laws, regulations, policies, plans, internal rules and procedures, as well as the reduction of risks.

Internal Control in Banking Organizations (concludes)

Solid Internal Controls:

• It has increasingly focused on the importance of strong internal controls, as part of significant results in banking organizations.

Control Deficiencies Classification:

• Lack of adequate supervision and management responsibility, and failure to develop a strong culture of control within the bank.

• Inadequate recognition and assessment of the risk of certain banking activities.

• Absence or lack of key control structures and activities.

• Inadequate communication of information between the levels of administration within the bank.

• Inadequate or ineffective audit programs and monitoring activities.

Definition of Internal Control:

• Process carried out by the board of directors, the main administration and all levels of staff. It is not just a procedure or policy carried out at any given time, but it operates continuously at all levels within the bank.

Main Objectives of Internal Control:

• Efficiency and effectiveness of activities.

• Reliability, completeness and timeliness of financial and managerial information.

• Compliance with applicable laws and regulations.

Interrelated elements:

• Supervision by management and control culture.

• Recognition and assessment of risks.

• Activities of control and segregation of obligations.

• Information and communication.

• Monitoring and correction of deficiencies.

3) Academic: No longer from a professional perspective, such as the definitions of IIA and COSO, or regulatory, such as that of Basel, academic perspectives stand out. Among the latter, those of Wallace, Root and Chorafas have special consideration.

a) Wanda Wallace.

Its starting point is the evaluation that is made of the control for the purposes of the audit. Analyze the components of an organization's control culture (control environment, business planning, the control process and the basic structure of business).

Visualize the emergence of a new definition (based on ethical values) and study the effects that information technology has on control and fraud detection problems.

b) Steven J. Root.

It offers a different perspective, analyzes the impact of COSO and shows developments that go beyond it, especially those derived from new management practices: internal control to enrich corporate governance.

In this perspective, one of the most interesting analyzes it offers are the implications that have now been widely recognized and incorporated:

• The limitations inherent in internal control.

• The levels of internal control.

• The forces that affect internal control (corporate governance, value creation, risk and opportunity, regulation, culture, technology and responsibility).

Thus, the focus of internal control focuses on solving problems (understood as opportunities, threats, strengths and weaknesses) derived from:

• Structure.

• Internal planning.

• Goal setting.

• Competitive benchmarking.

• Innovative solutions.

• Risk taking.

• Processes and methodologies.

• Continuous improvement.

• Information and analysis.

• Orientation to results.

• Ability to generate response.

c) Dimitris N. Chorafas.

He focuses his study on the internal control of the public interest entities and mainly those that participate in the capital markets (financial, insurance and securities). It offers a comprehensive definition:

“ Internal control is a process established by the board of directors and by the highest administration to provide themselves with a dynamic, proactive system on how the institution works. Therefore, it is affected by and affected by all levels of personnel, because it offers transparency ”.

Internal controls allow top executives to:

• Safeguard business assets.

• Assist in compliance and accounting reconciliation.

• Promote personal responsibility.

• Lead to corrective action.

Conceptual structures:

The names "conceptual structures, control criteria and standards" are familiar in the world of accounting (financial information), auditing (assurance) and, of course, internal control.

It must be recognized that it was the Sabrnes - Oxley Act of 2002 (United States) and particularly the Auditing Standard 2 of the US-PCAOB that gave the strongest impetus to these denominations, particularly in the case of internal control. In practice, the standard that has been imposed has been COSO but it has always been in its shadow COCO.

COCO of Canada refers to general control. Like COSO, COCO subsequently developed conceptual structures related to risk management. The following table summarizes the conceptual structure of COCO.

Canada: COCO Control Criterion (start)

Introduction:

• In 1995 the Canadian Institute of Chartered Accountants (CICA) issued the report “Guidance on Control” that presented a control model that is referred to as the “COCO Control Criterion”.

• It is based on COSO and seeks to be friendlier.

Canada: COCO Control Criterion (concludes)

Definition:

• Actions that promote the best results for the organization.

• These actions contribute to the achievement of the organization's objectives.

Components:

• Control comprises the elements of the organization (including its resources, systems, processes, culture, structure, and tasks) that, together, support people in achieving the organization's objectives.

Internal Control Elements:

• Purpose.

• Capacity.

• Commitment.

• Monitoring and learning.

Purposes:

• Objectives established and communicated.

• Risks identified and valued.

• Established policies communicated and practiced by staff.

• Goals and plans should include measurable goals and performance indicators.

Commitments:

• Ethical values established, communicated and practiced by the entire organization.