In today’s world of constant security risks, it is critical to have a solid internal control system in place. These systems can not only detect and prevent fraudulent activity, but they also offer protection to the resources in your organization. In addition, regulatory requirements such as Sarbanes-Oxley require that organizations be in compliance and this also leads to disciplined organizational governance.
Start from the Beginning
Before implementing a good internal control system, we must understand what that means. BusinessDictionary.com defines Internal Controls as: Systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to (1) conduct its business in an orderly and efficient manner, (2) safeguard its assets and resources, (3) deter and detect errors, fraud, and theft, (4) ensure accuracy and completeness of its accounting data, (5) produce reliable and timely financial and management information, and (6) ensure adherence to its policies and plans. As we can see, this covers a lot of territory so a thorough internal control system is needed.
The Devil is in the Details
Now we need to figure out what all this means. The Committee of Sponsoring Organizations of the Treadway Commission (COSO), published a report in 1992 titled, “Internal Control – Integrated Framework.” They developed this document to help organizations design and deploy impactful internal control systems. COSO determined that there are five components that make up internal controls:
- Control Environment
- Risk Assessment
- Information and Communication
- Control Activities
It is important to understand that internal control is really a process impacted by people, and assisted by systems. By properly utilizing your team and your technology, your organization can achieve solid internal control to reduce confusion and be in compliance.
Developing Your Structure
In defining strong internal controls, one must first understand the structure of its staffing and evaluate where system or process controls need to be implemented to ensure separation of duty. Smaller organizations certainly have a greater challenge in maintaining this separation of duty. As a result, an important component of strong internal controls is to build in processes that provide for periodic review of reports, logs and supporting documentation.
Structure = Foundation
In general, ERP systems such as
It is also a good idea to utilize the latest technology for audit tracking, which provides detailed information on record/transaction changes, time/date/user identification as well as reports tracking the history of all the changes made.
Despite all the technology and rules that are established, it is important to note that every single person in your organization should take responsibility, to some extent, for maintaining internal control. The most effective approach takes the best from your people, processes and technology to create a strong, stable internal control system.
To find out how Dynamics GP can benefit your organization, contact Steve Kane (301-634-2404 and [email protected]) at BroadPoint Technologies,
by Broadpoint, Microsoft Dynamics Partner