As you may recall from our Sarbanes /
Oxley Section 404 discussions, the Council of Sponsoring Organizations
(COSO) of the Treadway Commission recommended eight distinct control
areas that need to be present in order for an adequate system of
internal controls to exist in any organization. While the last area of
controls (Business process controls) is the most labor and time
intensive, the first seven areas pertain to what is generally referred
to as “Entity Level Controls”. These seven entity level controls are:
The first four
control areas represent the overall control environment, which generally functions at a higher level within the organization.
Understanding the company’s internal operating / financial environment,
setting clear objectives for the organization, establishing parameters that trigger event identification and risk response scenarios all
represent control areas where management generally oversees
the controls through high level evaluation. Associated controls in these
areas tend to be more analytic in nature and require professional level
individuals to develop and monitor. While most companies have a
“mish-mash” assortment of controls which serve similar purposes, these
are generally not all in place nor are they monitored properly to
accomplish the goal of giving management advance warnings on issues or
events which could materially affect the company. Conversely, the last
three of these “entity level controls” (Risk assessment, monitoring and
information and communications) are direct lines of control which
are essential to preventing or eliminating risk / harm to the company.
They must be evaluated on a more timely basis such as daily, weekly,
monthly or quarterly versus the first four control areas modified or
evaluated on a less frequent basis.
In general, the
latter three areas are more sensitive to environmental change and
day-to-day risks than “overall control environment” controls. Thus
these controls deal primarily with organizational and
environmental risks versus business process controls, which
monitor the daily operations of the organization’s financial processes
and systems. While requiring less time to design, develop, implement
and audit, they are no less critical to an effective
system of internal control than their counter-part.
GTS can assist
you in: 1) Designing; 2) Developing; 3) Implementing; 4) Auditing and
5) Monitoring these “Entity Level Controls”.
Global Technology Solutions, LLC (Your One-Stop SOX