Internal Controls

What are Internal Controls?

Internal controls are the system of checks and balances that companies put in place to:

  • Ensure accurate and reliable financial reporting
  • Maintain proper compliance with laws, regulations, and policies
  • Achieve operational objectives
  • Reduce losses associated with fraud
  • Mitigate risk

Types of internal controls include detective controls, designed to detect errors in the business; corrective controls, used to correct errors that are discovered; and preventive controls, used to keep errors from happening in the first place. Common controls include requiring reviews, approvals, verifications, and well-documented reconciliations. Other types of controls used are segregation of duties and periodic reviews or audits.

Internal controls are main components of both the Foreign Corrupt Practices Act (FCPA) of 1977 and the Sarbanes–Oxley Act (SOX) of 2002. These acts require public companies in the United States to maintain proper internal controls.

What is the purpose of Internal Controls?

The purpose of internal controls is to minimize or control risks. As such, internal controls play an important role in detecting and preventing fraud in and organization. They are also the means by which a company protects its resources. This includes both physical resources such as machinery and property and intangible resources such as reputation or intellectual property.

What are the Different Levels of Internal Controls?

In defining controls, the Security and Exchange Commission (SEC) states: “A control consists of a specific set of policies, procedures, and activities designed to meet an objective. A control may exist within a designated function or activity in a process. A control’s impact may be entity-wide or specific to an account balance, class of transactions or application.”

At the entity-wide, or company or organizational level, internal controls focus on the reliability of financial reporting, achievement of strategic or operational goals, compliance with laws and regulations, and any other areas of organizational risk or exposure.

At the transaction level, internal controls refer to business concerns such as ensuring that payments made to suppliers are valid for supplies received or that refunds paid for returned goods match the inventory of goods returned.

What is the Process for Implementing Internal Controls?

The first step in implementing internal controls is to perform a risk assessment to identify all areas of risk and exposure in the business. Next, controls are designed to address these risks. A recommended approach for designing internal controls is to utilize a controls framework, such as the COSO framework. To be effective, an internal control system must also be monitored and assessed regularly to ensure that the system is working properly. This includes performing internal audits and external audits.

How Does Internal Controls Assurance Software Work?

Controls assurance software is meant to “control your controls.” It establishes a process for verifying internal controls; properly documenting their design, testing, and verification; and mapping such controls to compliance frameworks. It acts as a centralized database or repository of all control activities, with integrated storage for documentation on their design and testing. This software software also utilizes templates, checklists, and workflows to ensure that controls procedures are properly followed.

What Solutions Does BlackLine Offer for Internal Controls and Controls Assurance?

The BlackLine Finance Controls and Automation Platform adds enhanced controls to all accounting and finance processes. Each product contains internal controls components designed specifically for the processes the product covers, including:

  • Account Reconciliations: Validation of account balances; standardized format and procedures for reconciliations; proper documentation of reconciliations; visibility into the reconciliation process; segregation of duties between preparer, reviewer, and approver
  • Journal Entry: Standardized journal entry format and procedures; proper documentation of journal entries; segregation of duties between preparer, reviewer, and approver; validation rules and relational look-up tables prevent failed entries that require follow up; automatic posting and status tracking
  • Transaction Matching: Transaction level validation of account balances; identification of unmatched transaction between systems, statements, and reports, for investigation
  • Variance Analysis: monitoring of account balances for unusual fluctuations; customizable risk thresholds based on the risk profile of each account
  • Consolidation Integrity Manager: verification of the integrity of financial consolidation; system-to-system reconciliation, particularly useful for companies with multiple ERP systems or General Ledgers

In addition, The BlackLine Controls Assurance solution is designed to streamline all aspects of the controls assurance process. This solution utilizes the BlackLine Task Management product, with templates for control activities and compliance frameworks. It establishes automated processes for the design, testing, and verification of control activities.