An Evaluation of Internal Control Compliance

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Internal control compliance is a very critical component for the success of businesses, especially in maintaining the integrity of financial statements and accounting practices. This paper will provide an overview of the internal control framework and the laws concerning internal control compliance. It will discuss in detail the roles of senior managers and auditors concerning internal control compliance as well as the users of internal control reports. It will further discuss material weaknesses identified in internal reports and how they contribute contribute in the development of accurate financial statements. Finally, it will address the need for organizations to embrace internal control as a vital part of daily business operations.

Internal control has to do with processes and procedures in an organization that ensures reliability of financial reporting, efficient and effective operations, and compliance with laws and regulations (Hubbard, 2003). The significant growth of the importance of internal control compliance since the beginning of this decade has resulted out of several corporate scandals and failures. Although its growth has emerged from financial breakdowns, internal control has become one of the driving forces for success in businesses today. This success is highly dependent on a corporation's adherence to the internal control framework and the federal laws such as Sarbanes Oxley and FCPA (Cangemi, 2007). There are two sets of players that perform a vital role in an organization's compliance to internal control and they are: senior management and auditors. Senior managers are responsible for developing and implementing the internal control framework. Auditors are responsible for monitoring and testing the integrity of the implementation as well as ensuring operational compliance with federal laws.

The results of internal control audits come in the form of audit reports that are submitted to senior managers by auditors. Managers use these reports to formulate solutions for material weaknesses identified by auditors. A material weakness in internal control is defined as a substantial inadequacy or several inadequacies in an organization that leads to either a material misstatement or failure to detect misstatements of annual or interim financial statements (Doyle, Ge, & McVay, 2007). Appropriate solutions to these material weaknesses can have a significant effect on the accurate development of financial statements thus reflecting an organization's success in adhering to Internal Control compliance. This success can result in a stronger financial position for an organization amongst its competitors and greater trust from its investors about the integrity behind its operations. However, in order to maintain this success for the long-term, an organization must embrace internal control as a vital part of daily business operations.

Internal Control Framework and Federal Laws for Internal Control Compliance

The foundation for Internal Control Compliance rests in a solid internal control framework as well as adherence to the laws established by the Federal Government towards Internal Control. The internal control framework for many organizations is based on the COSO framework. The Committee of Sponsoring Organizations (COSO) was formed in 1987 to study and define the internal control framework. This committee, in 1992, defined the COSO framework (also known as the Internal-Control Integrated framework) which is basically the highest standard for any organization's internal framework to be modeled after (Campbell, Campbell & Adams, 2006). The three objectives of COSO are efficient and effective operations, accurate financial reporting and compliance with laws and regulations (Applegate and Willis, 1999). The five essential components of an effective internal control framework are: the control environment, risk assessment, control activities, information and communication, and monitoring (Applegate and Wills, 1999). These components define the tasks for mangers and auditors to develop, implement and monitor the internal control framework for their organization.

The Federal laws that continue to play a strong role in the adherence of internal control are the FCPA Act of 1977 and Sarbanes Oxley Act of 2002. The FCPA Act requires publicly traded companies to sustain records that precisely and honestly represent their financial transaction as well as have an acceptable system of internal controls (LaCroix, 2007). The Sarbanes Oxley Act of 2002 requires senior management to report on the effectiveness of their organization's internal control along with their financial statements (Savage, Norman & Lancaster, 2008). It also holds senior management legally responsible for their actions in the development of their organizations' financial statements (Savage, Norman & Lancaster, 2008).

Roles of Senior Managers and Auditors

As mentioned earlier, senior managers are responsible for developing and implementing the internal control integrated framework and auditors are responsible for testing the validity of internal control compliance as it relates to these federal laws. According to D'Aquila (2001), the integrity and ethical values of senior managers serve as a foundation for organization's internal control framework. The first four essential components of the COSO framework define the tasks of senior managers in developing and implementing an internal control framework. The fifth component which is monitoring is primarily done by auditors.

It starts with the control environment where senior managers lay the foundation for an internal control system by providing the essential authority and configuration for a framework. This includes developing a disciplined management philosophy, establishing values centered on ethics, allocating efficient leaders, attaining staff competencies at all levels, and fostering an environment where authority and responsibility is eagerly accepted (Campbell, 2006). The next step is risk assessment where senior managers detect and evaluate relevant risks to achieving predetermined objectives (Hubbard, 2003). After risk assessment, senior managers establish control activities which are the policies, procedures, and practices that ensure management goals are achieved and risk is alleviated (Applegate and Wills, 1999). After establishing control activities, senior managers focus their attention to information and communication. This is where they enable pertinent employees to understand their control responsibilities and ensure that they receive timely and applicable reports that facilitate effective investigation and decision making (Rittenberg, Martens & Landes, 2007). Once this step is complete, senior managers allow auditors to take over a significant portion of the fifth component of the COSO framework which is monitoring.

According to Curtis and Wu (2000), monitoring is the process of judging the quality of an organization's internal control performance over a given period. The auditors involved in internal control are both internal and external auditors. The internal auditors examine, evaluate and monitor the effectiveness and efficiency of the internal control system while the external auditors provide assurance on the financial reporting process and assess the adequacy of the internal control system (Rezaee, 1995). The monitoring component of the COSO framework relates to internal auditors. Internal auditors do a careful review of the annual and interim financial statements with a focus on quality of earnings, make sure that risk management processes developed my senior managers are working properly, and oversee that codes of conduct concerning ethical practices are in compliance with both FCPA and Sarbanes Oxley Acts (Harris, 2006). They also maintain close relationship with external auditors to make sure that these external auditors have a clear understanding of an organizations internal control structure (Rezaee, 1995). Senior managers also play a role in the monitoring component by establishing on-going monitoring activities of internal control. These include consistently reviewing operations and financial reports for any deviations, monitoring any customer related complaints, enabling employees to monitor each other, and doing physical inventories and asset reconciliation when appropriate (Moeller, 2009).

Users of Internal Control Reports

The internal control or audit reports that are generated by both external and internal auditors reflect the core principles found in both FCPA and Sarbanes Oxley acts. These reports contain the results of the internal control audits and are sent back to senior management. Senior managers are the users of these reports and they use these reports to formulate solutions for material weaknesses identified by auditors. If managers ignore material weaknesses, it is considered a criminal offense (Doyle et al., 2007). Hence it is vital for managers to place a high importance on addressing these material weaknesses quickly as they receive those details in the internal control reports generated by auditors.

Material weaknesses and their contribution to financial statements

Material weaknesses are very critical to address because they signal that an organization is facing significant control problems that will lead to material misstatements of financial statements as well as material misstatements that internal auditors failed to detect (Hamersley, Myers & Shakespeare, 2008). These weaknesses can be as detailed as inaccurate account balances or as general as a company's overall financial reporting process (Doyle et al., 2007). While auditors have an easy time tracking down account level weaknesses, they have a tough time sufficiently testing for company level deficiencies as they relate directly to the inefficiency of management to control their organization. This is mainly evident in smaller organizations that do not have the resources to maintain a robust internal control process. However, another type of material weakness which has to do with trouble of interpreting and applying complex accounting standards can be seen in large and diversified businesses (Doyle et al., 2007).

A final type of material weakness has to do with the detection of inadequate revenue policies or control flaws in the period-end reporting process. This weakness allows senior managers a greater opportunity to manage earnings as it has a direct effect on the accuracy of financial statements (Doyle et al., 2007). Research indicates that managers like to tweak their revenue recognition policies at an end of a period to boost their earnings (Ge & McVay, 2005). This is because they are trying to meet or exceed the expectations set by financial analysts for an organizations' performance over a given period. Ge and Mcvay (2005) suggest that larger organizations tend to create some leeway into their revenue recognition policies because they could face greater demands to manage their earnings well. Thus this material weakness could lead to a strong likelihood of revenue fraud in these organizations.

All these material weaknesses are covered in detail on the internal control reports. Thus appropriate solutions to these weaknesses should have a significantly positive effect on the accurate development of financial statements. An organization's financial position over its competitors as well as trust with its investors is greatly enhanced when financial statements are accurate. This also instills confidence in the employees of an organization concerning the integrity behind their operations. But for this to last for the long-haul, organizations must do more than just efficiently adapt and monitor their internal control process. They must embrace them as an essential factor for sustained organizational success.

Embracing Internal Control

In order to maintain consistency for the long-term concerning internal control, organizations must embrace internal control as a vital part of daily business operations. It should go beyond than just compliance to federal laws. It should be part of an organizational culture. Two examples of embracing internal control can be implementing internal controls beyond financial operations and delegating ownership and accountability to operating personnel in each functional area an organization (Langer and Popanz, 2006). Organizations that are successful in implementing internal control frameworks emphasize the value of genuinely embracing the frameworks' principles which allow an organization to be flexible to organizational changes of in future (Brune, 2004). Embracing internal control can result in cost savings, process improvement efficiencies, exceptional risk management and limit needless surprises for an organization (Langer and Popanz, 2006). With the current economic environment, all those factors will play a critical role in the long-term survival of any organization.


Applegate, D., & Willis, T. 1999. Integrating COSO. Internal Auditor, 56(6): 60-66.

Brune, C. 2004. Embracing internal controls. Internal Auditor, 61(3): 75-81.

Campbell, D., Campbell, M., & Adams, G. 2006. Adding significant value with internal controls. The CPA Journal, 76(6): 20-25.

Cangemi, M. 2007. Internal controls: Where we've been and where we need to go. Financial Executive, 23(10): 6.

Curtis, M.B., & Wu, F.H. 2000. The components of a comprehensive framework of internal control. The CPA Journal, 70(3): 64-66.

D'Aquila, J.M., 2001. Financial accountants' perceptions of management's ethical standards. Journal of Business Ethics, 31: 233-244.

Doyle, J., Ge, W., & McVay, S. 2007. Determinants of weaknesses in internal control over financial reporting. Journal of Accounting and Economics, 44(1/2): 193-223.

Ge, W., & McVay, S. 2005. Market reactions to the disclosure of internal control weaknesses and to the characteristics of those weaknesses under section 302 of the Sarbanes Oxley Act of 2002. Accounting Horizons, 19(3): 137-158.

Hamersley, J.S., Myers, L.A., & Shakespeare, C. 2008. Market reactions to the disclosure of internal control weaknesses and to the characteristics of those weaknesses under section 302 of the Sarbanes Oxley Act of 2002. Review of Accounting Studies, 13(1): 141-165.

Harris, M. 2006. How good audit committees get the job done. CA Magazine, 139(1):16.

Hubbard, L.D. 2003. Understanding internal controls. Internal Auditor, 60(5): 23-25.

Lacroix, K. 2007. Foreign corrupt practices act: A '70s revival and growing D&O risk. National Underwriter Property & Casualty, 111(13): 21-25.

Langer, D.B., & Popanz, T. 2006. Sustainable compliance. Internal Auditor, 63(1): 54-58.

Moeller, R. 2009. Sarbanes-Oxley Internal Controls: Effective Auditing With AS5, CobiT and ITIL. Hoboken, NJ: John Wiley & Sons, Inc.

Rezaee, Z. 1995. What the COSO report means for internal auditors. Managerial Auditing Journal, 10(6): 5-10.

Rittenberg, L.E., Martens, F., & Landes, C.E. 2007. Internal control guidance: Not just a small matter. Journal of Accountancy, 203(3): 46-50.

Savage, A., Norman, C.S., & Lancaster, K.A.S. 2008. Using a movie to study the COSO internal control framework: An instructional case. Journal of Information Systems, 22(1): 63-76.