Entity-level controls codify the attitudes and behaviors around financial integrity and accuracy within an organization. They reflect the "tone at the top," or how an organization's executives and Board of Directors feel about financial integrity and accuracy, and the policies and procedures in place to support those feelings. For this reason, they provide the foundation for an organization's internal controls over financial reporting.
Entity-level controls deal with an organization's policies and procedures around governance, financial analysis, and compliance/legal responsibilities. These controls mostly target the behavior of an organization's executives and Board members, but all employees are affected by them.
Documentation and activies around entity-level controls include:
- Mission, vision, or values statement
- Board of Directors policies and procedures
- Finance department policies and procedures
- Whistleblower policies and hotline
- Annual review of internal controls over financial reporting
- Compliance training
- Existence of an internal audit department that reports to audit committee
We need only look at the accounting scandals of the past few years to understand why entity-level controls matter. Companies like Enron and Lehman Brothers did not implode because a few rogue mid-level managers cooked the books. Accounting irregularities, fraud, and financial misdeeds were rampant across these companies, suggesting corporate cultures that did not value financial integrity and compliance with accounting standards and federal laws. And who established this culture? The C-suite and Board members of those companies, through their entity-level controls - or perhaps, lack thereof.
For more information about entity-level controls, download the Vibato tipsheet "3 Important Aspects of Entity-Level Controls".
And for specific examples of why entity-level controls matter, take a look at a recent blogpost by Francine McKenna, who blogs for Forbes.