17 Principles of Internal Control

Seventeen internal control principles may seem like a lot to act on, but for many public companies these principles serve as a necessary framework for assessing the effectiveness of their internal controls on financial reporting, as required by Sarbanes-Oxley. Private companies, although not directly affected by Sarbanes-Oxley, could benefit by assessing themselves against these principles.

As background, the Sarbanes-Oxley Act of 2002 introduced major changes to public company financial practices and corporate governance in response to major accounting scandals at Enron, WorldCom, and other firms. Among other things, the Act mandates an independent audit of corporate internal control practices on financial reporting and requires management to produce an annual report that must assess the effectiveness of the internal control structure and procedures.

That’s where an internal control framework introduced by COSO* comes into play. COSO’s original framework, which identified five components of internal control, became widely adopted for use in assessing the effectiveness of internal controls. Its more recently updated framework identifies 17 principles mapped to the original components. Here they are:

Component 1: Control Environment

  1. Demonstrates commitment to integrity and ethical values
  2. Exercises oversight responsibility
  3. Establishes structure, authority, and responsibility
  4. Demonstrates commitment to competence
  5. Enforces accountability

Component 2: Risk Assessment

  1. Specifies suitable objectives
  2. Identifies and analyzes risk
  3. Assesses fraud risk
  4. Identifies and analyzes significant change

Component 3: Control Activities

  1. Selects and develops control activities
  2. Selects and develops general controls over technology
  3. Deploys through policies and procedures

Component 4: Information & Communication

  1. Uses relevant information
  2. Communicates internally
  3. Communicates externally

Component 5: Monitoring Activities

  1. Conducts ongoing and/or separate evaluations
  2. Evaluates and communicates deficiencies

These principles are broad enough to apply to all sorts of business activities, and they provide an excellent complement to other ethics initiatives, useful for public and private entities alike. They’re worth considering further, don’t you think?

Ethical Advocate can assist companies of all sizes in meeting Sarbanes-Oxley requirements and in creating a culture of ethics and accountability. Contact us for more information.

*COSO: Committee of Sponsoring Organizations of the Treadway Commission. In 1985, COSO was formed to sponsor the National Commission on Fraudulent Financial Reporting. In 1992, COSO published Internal Control – Integrated Framework, which was updated and reissued in May 2013. Learn more at http://www.coso.org/ic.htm