Please explain controls 537
kysmith last edited by
I’m trying to research this whole SOX thing and I keep reading about controls, and implementation of them being undefined. I can’t for the life of me figure out what a control is. I have gathered that it is some way to test the accuracy of an accounting measure but I really need a better definition and maybe an example.
Thanks in advance and sorry about the newbie question
MikeE last edited by
A very good place to start on this subject would be the COSO* website.
gives a few basic definitions which should help.
(*COSO : You’ll see them cited frequently in this forum and elsewhere - basically they’re the people who wrote what is widely accepted to be the ‘bible’.)
SOX-Migration last edited by
Start by thinking ‘what can go wrong?’ with respect to the financial information. An example of this would be that the company sends out goods to a customer but fails to invoice them. All the things that can go wrong are RISKS.
To address a risk, we have controls, which are the things that people in the company do to address the risks. For example someone could match up all the sales invoices to a dispatch note, to make sure that every dispatch of goods is invoiced. There may be several controls that address this same risk at different stages in the sales process.
The example above is manual and very simple. You will find many controls that are automated and these can be a little harder for a novice to identify. I suggest that if you will be doing much more of this work you get some training to help you along.
lekatis last edited by
There are many definitions of controls.
Control is a process or an action that prevents a loss. For SOX, processes and actions that ensure that financial statements are accurate and compliant with accepted standards
What SEC says about controls is important to SOX.
'A process designed by, or under the supervision of , the registrant’s principal executive and principal financial officers, or persons performing similar functions, and effected by the registrant’s board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:
- Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant
- Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures for the registrant are being made only in accordance with authorizations of management and directors of the registrant
- Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant’s assets that could have a material effect on the financial statements.’