Leadership confrontation of controller questions regarding internal control system

Internal Controls

Organizations have the responsibility of accounting for all of their financial and operational data in an effective and efficient manner that is in compliance with all regulations as well as industry practices. Having a set of internal controls in place can help streamline an operation which provides a level of efficiency as well as offers protections again various risks. The SEC has been in an increasingly important role and has received increased power in 2002 when legislation for the Sarbanes-Oxley Act was passed. Although most of the rules and regulations under this act affect only publically held companies, many of the required accounting procedures can serve as best practices for companies that are not publically owned.

Quality assurance is generally one of the most important aspects to constructing a set of internal controls. Internal controls can assist with analyzing processes and monitoring operations to ensure that high quality standards are being met at all times. There are many types of internal controls that can be used to meet these objectives and to monitor quality. By keeping data on internal procedures and constructed dashboards, management can quickly minimize the chances of such problems occurring. Problems in the insurance industry can escalate quickly if there is any errors and having a set of internal controls helps protect the organization from these risks.

There different categories of risk objectives which include strategic objectives, operational objectives, reporting objectives, and compliance objectives (COSO, 2004). Any organization can adopt a COSO Enterprise Risk Management (ERM) framework, or parts of such a framework, for risk management. The COSO can be constructed in a way that complements the existing organizational goals. It is also important that the internal controls processes become integrated into the organizations culture. Most organizations will have a limited number of internal controls that are focused on the organizations top priorities and the relevant risks associated with those.

To construct a set of internal controls most organizations will designate a steering committee or put together a project team to guide the implementation. This group will be ultimately responsible for first building an inventory of the operating procedures, potential risks, and the internal controls to guide the organization's operations in the future. The group can consider the organizations risks based on the different risk objectives; strategic objectives, operational objectives, reporting objectives, and compliance objectives (COSO). The most effect controls will work to minimize organizations liability in a comprehensive manner will necessarily incorporate all four goals.

Internal controls are generally unique since no two organizations will have identical risk management profiles. Therefore it is necessary for the organization to include many different perspectives when building internal controls. COSO framework can be a very useful tool in designating best practices and identifying potential risks. In some case it can also be useful to include external stakeholders such as legislators, consultants, auditors, and suppliers. In many cases, there can be a large number of risks that are difficult to identify by a limited number of perspectives.

The overall objective of the internal control is to ensure, to a reasonable degree, that the Company's operational strategies and targets are followed up and that the owners' investments are protected (SSAB, N.d.). Building the risk profile first will allow the organization to construct its internal controls in systematic way so that it can effectively address the organizations goals.