The term internal controls is used to describe a set of company policies established to ensure that fraud and waste does not occur. Internal controls help companies improve both the quality and reliability of information used in the decision making process.
Internal controls always played a critical role in ensuring financial statements were prepared in an accurate manner. However, the Sarbanes-Oxley Act increased awareness and prominence of these controls. Companies are required to assess the potential of theft or fraud and institute policies to protect against these risks.
For example, when certain transactions occur, it’s often desirable to have more than one person involved at some point in the process, thereby reducing the risk of fraud. Monitoring systems are put in place to identify problems before they materially affect an organization. These systems can include reports or managerial approvals of transactions. This is the idea behind delegation of authority, which is a set of rules outlining the ability of various levels of management associates to approve transactions below certain dollar thresholds.
Large companies oftentimes have an internal auditing group that provides an independent assessment of a control’s effectiveness. This is in addition to that of an Independent Registered Public Accounting Firm, which also conduct audits aimed at determining the effectiveness of a company’s internal controls.