WHITE PAPER INTERNAL CONTROL WITH ADRA

Transcription

1 WHITE PAPER INTERNAL CONTROL WITH ADRA

2 About this document The purpose of this document is to discuss Internal Control and how Adra products supports ERM (Enterprise Risk Management), Internal Control and the COSO framework at a high level. The objective is to inspire the reader to learn more about Internal Control and how modern software can support the process. INTERNAL CONTROL - DEFINITION Internal Control is broadly defined as a process, effected by an entity s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to: > Effectiveness and efficiency of operations > Reliability of financial reporting > Compliance with applicable laws and regulations The most used Internal Control framework is the COSO. It addresses a methodology for internal control and guidelines on how to implement Internal Control. (COSO. (2013) Internal Control - Integrated framework) LEGISLATIONS Most companies implement Internal Control because they have to abide by legislations in their own country. Example of relevant laws: REGION LEGISLATION > US SOX - Section 404 > UK The UK Corporate Governance Code - Section 5 > Norway The Accounting Act (Regnskapsloven) 3-3b > Sweden Redovisningslagen Kap 6, 6 > Denmark Årsregnskabsloven 107 b) COSO REPORT - THE FRAMEWORK The Committee of Sponsoring Organizations of the Treadway Commission (COSO) an organization providing thought leadership and guidance on Internal Control, enterprise risk management (ERM) and fraud deterrence. COSO wrote a report in 1992 to describe a framework for Internal Control. It was updated in Adra Whitepaper - Internal Control 2

3 To master Internal Control you have to understand the purpose of the elements in the COSO model. The COSO framework addresses five essential components in internal control: > Control environment > Risk Assessment > Control Activities > Information & Communication > Monitoring Activities To be able to rely on Internal Control, all five components must be working. Control Environment Does the board, management and employees understand the risk in the company? The control environment establishes the attitude of an organization. A good control environment is created by management and focuses on integrity, ethical values and the direction supplied by the board of directors. The COSO Framework defines it as the base for all components of internal control. Risk Assessment It forms a basis for how the risks should be managed, identifying and analyzing relevant risks to achieve objectives. Control Activities Has the entity developed control activities to reduce the identified risk? Examples of Control Activities: > Segregation of duties Separating authorization, custody, and record keeping roles to prevent fraud or error by one person. > Authorization of transactions Review of particular transactions by an appropriate person. > Retention of records Maintaining documentation to substantiate transactions. > IT application controls Controls over information processing enforced by IT app lications, such as edit checks to validate data entry, accounting for transactions in numerical sequences, and comparing file totals with control accounts. Adra Whitepaper - Internal Control 3

4 Information & Communication Systems or processes that support the identification, capture, and exchange of information in a form and period that enable people to carry out their responsibilities. Monitoring A company goes through changes related to IT systems and organization all the time. This will affect the exposed risk. It is important to test the established internal controls and revaluated the risk in the company when changes appears. HOW ADRA PRODUCTS SUPPORT INTERNAL CONTROL Adra products has its strength in bringing the Internal Control out to the users. All Adra products support the COSO component, information and communication, as it provides the organization information of tasks, risk rating, purpose of financial accounts and status. This also gives the opportunity to establish a healthy control environment in the organization. TASK MANAGER functions as an organizer of all tasks in relation to financial reporting and gives the status of internal control. BALANCER works as an operational tool for handling risk related to the balance accounts and gives the users relevant information about procedures and guidelines. ACCOUNTS is a powerful transactions matching system that is an important control activity tool. Adra has a cross product initiative to enhance all products with increased support for Internal Control. Our objective is to provide our customers with solutions that both fulfil the needs for Operational Excellence and smooth Financial Close processes yet at the same time gives solid system support for Internal Control. TASK MANAGER TASK MANAGER is a tool for planning the activities related to Internal Controls. Example of these activities could be: > Conduct risk assessment (Risk assessment) > Test internal controls (Monitoring) > Conduct control activities (Control activities) > Preparing Internal Controls reports for external audit TASK MANAGER is the tool where you plan and delegate the Internal Control tasks to the organization through the year. Additional to this, TASK MANAGER will give you a real-time overview of the status of Internal Control. Adra Whitepaper - Internal Control 4

5 BALANCER In BALANCER, we help the user company to use their established Internal Control or to establish elements of internal controls. As BALANCER just addresses some of the operational components related to risk in the balance accounts of Internal Control, it s important to remember that all the five components has to be working. > Risk Rating BALANCER gives the opportunity to register the risk rating for a balance account based on the company s risk assessment. > Account Purpose This section is usually used to give information to the user what s the purpose of this account. It could be references to relevant laws or the background for the risk rating. > Reconciliation Procedure A procedure description of how the company will mitigate the addressed risk rating. This is the documentation of the control activity related to the account. This could be a description of how the reconciliation is done with ACCOUNTS or other reconciliation software. > Account Roles BALANCER gives the opportunity to implement Segregation of duties related to the financial reporting process. > Activity Log Detailed logs provide the Audit trail of who did what at what time. ACCOUNTS ACCOUNTS is a transaction matching software, which is used for matching transactions in a various number of variants. In relation to Internal Control and COSO, ACCOUNTS will be a handy software to establish Control Activities. Examples for this could be: > Bank reconciliation > Credit card reconciliation > Other risk reducing reconciliations CONCLUSION Both increased legislation and increased shareholder focus on Internal Control has put it high on the agenda within more and more organizations. Finance professionals, auditors and staff are looking at ways to implement COSO frameworks and internal controls throughout their organizations. Modern software can play a key role in both implementing and enforcing good routines and processes and we at Adra provides solid support for Internal Control across all products. Adra Whitepaper - Internal Control 5

6 Brands that trust us: ABOUT ADRA Adra develops and markets software for the Financial Close Process. With over 25 years experience of providing software for the automation of the Month End Close Process, Adra is a market leader with 3000 customers. Our software for the Financial Close helps accounting and finance teams to work smarter and quicker, with better control and accuracy. The solutions streamline and standardise accounts departments and give them an overview of the company s balancing process at all times. Adra has an origin in Scandinavia just like many other financial software companies like Axapta, Navision, IBS, IFS, Jeeves and Visma and today we serve customers in more than 30 countries around the world. Among our customers are Hertz, GE Capital, KPMG, Toyota, IKEA and BMW. Learn more and contact us: Visit our website: Send an to: [email protected] Sources: The Committee of Sponsoring Organizations of the Treadway Commission. (2013). Internal Control - Integrated Framework. Available: Last accessed 13th October Adra Whitepaper - Internal Control - May version 1.0