A recent study found that fewer public companies are reissuing financial statements due to errors or omissions, in large part due to stronger internal controls. Want to upgrade your controls and reduce your risk of restatement? Savvy business owners and managers borrow best practices from the framework auditors use to evaluate their clients’ internal controls.
Drop in restatements
Research firm Audit Analytics found that the total number of restatements dropped to 6.83 percent (or 671 of 9,831 companies) in 2016. That is the lowest number of restatements in 15 years. Why? The Audit Analytics study attributes the decrease in restatements, at least partially, to regulatory oversight.
“I believe that the decrease in the number of restatements … is a result, to some extent, of improved internal controls over financial reporting,” said Don Whalen, director of research at Audit Analytics. Companies institute internal controls primarily to deter accounting fraud.
One resource used to improve internal controls is the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO first published its Internal Control — Integrated Framework in 1992 to help prevent a repeat of the types of accounting frauds that occurred in the 1980s. In 2013, COSO revised its framework to reflect changes to business and financial reporting that have taken place over the last two decades.
The updated COSO framework outlines five basic components of internal controls, including:
- Control environment. A set of standards, processes, and structures is needed to provide the basis for carrying out internal controls across the organization.
- Risk assessment. This dynamic, iterative process identifies stumbling blocks to the achievement of the company’s objectives and forms the basis for determining how risks will be managed.
- Control activities. Policies and procedures are necessary to help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.
- Information and communication. Relevant and quality information supports the internal control process. Management needs to continually obtain and share this information with people inside and outside of the company.
- Monitoring. Management should routinely evaluate whether each of the five components of internal controls is present and functioning.
External auditors generally rely on the framework’s concepts when they assess internal controls. Likewise, business owners and managers can use the framework as a guide to establish, strengthen, and assess their company’s controls. Following this framework can help safeguard your operations from inadvertent financial reporting errors and fraud.
COSO offers 81 ‘points of focus’ that provide practical guidance in designing and implementing effective internal controls. Our audit team can help you turn the framework’s abstract concepts into actionable items. Contact us for more details.