Let’s face it, dealing with internal controls from time to time can be a headache and can certainly get out of hand. The power of an organized internal control structure yields a plethora of benefits in terms of cost efficiency, reduced workload, fewer headaches, and happier employees – You know what they say, Organized People Play™.
Tags: Internal Controls, segregation of duties, control reduction, SOX, auditing standards, audit costs, Controls Testing, SOX Compliance Made Simple, internal audit, Process Improvement, software, sox compliance, internal control, Sarbanes-Oxley, Vibato, audit scope, internal control tips
Google SAS 104-115 and you will find mostly articles by us (Vibato) discussing the need for auditors to pay special attention to internal controls as part of their audit. Why? Because the AICPA & the PCAOB dictates standards that the auditors must adhere to in order to perform their audits. Parts of these requirements include reviewing your internal controls and this applies to ANY COMPANY THAT IS AUDITED – public, private, non-profit; it doesn’t matter. If you are audited, your auditors must look at your internal controls as part of your audit. If you do not have any documented internal controls then be prepared for a higher audit bill because your auditors will have to go looking for internal controls at your company on your dime year-over-year. Moreover, due to independence issues, they are not allowed to share their work with you to use going forward so they will do this work each year and all you will see for it is a higher bill. Period.
We are often asked how long company's must keep their internal controls documentation and when we tell them, we are often met with shocked stares but here is your answer:
Determining a correct sample size is an important first step in your internal controls testing efforts. Below is Vibato's approach to sample size determination, which we've used with great success for years.This approach has been vetted with all Big 4 and most regional external auditing firms.
An internal control deficiency can be caused by a number of issues but it is primarily defined as an error discovered during internal controls testing (e.g., a payment was coded to utilities when it should have been coded to inventory) or during a review of the internal control evidence (e.g., the internal or external auditors discover the coding mistake rather than management finding it as part of their closing activities). An internal control deficiency may also occur simply from someone forgetting to execute one of their internal controls entirely.
Tags: Internal Controls, Compliance tools, risk assessment, audit, SOX, 404 audit, best-practice, Controls Testing, 10k, Product Information, Sarbanes-Oxley Training, compliance, risk management, Sarbanes-Oxley, audit deficiency, Internal Control Deficiency
NOTE: This blog, originally published in May, 2010, was updated on August 29, 2011, to reflect the replacement of SAS 70 reports with Service Organization Reports (SOCs) prepared under SSAE no. 16 and AT 101.
"Could Codification Weaken Internal Controls? Maybe. And here's what you can do to mitigate the effect on your accounting policies, disclosures, and error detection.
I hear stories daily about people who are paying incredible amounts of money to have a third-party implement their internal control infrastructure and then test their internal controls on an annual basis.
We have just posted a significant amount of FAS 123(R) ASC 718 Compensation - Stock Compensation codification cross reference information to our Codification Tools page.