An internal control deficiency can be caused by a number of issues but it is primarily defined as an error discovered during internal controls testing (e.g., a payment was coded to utilities when it should have been coded to inventory) or during a review of the internal control evidence (e.g., the internal or external auditors discover the coding mistake rather than management finding it as part of their closing activities). An internal control deficiency may also occur simply from someone forgetting to execute one of their internal controls entirely.
Tags: Internal Controls, Compliance tools, risk assessment, audit, SOX, 404 audit, best-practice, Controls Testing, 10k, Product Information, Sarbanes-Oxley Training, compliance, risk management, Sarbanes-Oxley, audit deficiency, Internal Control Deficiency
NOTE: This blog, originally published in May, 2010, was updated on August 29, 2011, to reflect the replacement of SAS 70 reports with Service Organization Reports (SOCs) prepared under SSAE no. 16 and AT 101.
"Could Codification Weaken Internal Controls? Maybe. And here's what you can do to mitigate the effect on your accounting policies, disclosures, and error detection.
I hear stories daily about people who are paying incredible amounts of money to have a third-party implement their internal control infrastructure and then test their internal controls on an annual basis.
We have just posted a significant amount of FAS 123(R) ASC 718 Compensation - Stock Compensation codification cross reference information to our Codification Tools page.