As a result of the recent scandals of companies such as Enron and WorldCom, the Sarbanes-Oxley Act (SOX) was enacted to preemptively curb fraudulent financial reporting. Since its enactment, SOX has strengthened requirements of both internal controls and procedures for financial reporting. Internal control is a process where a common goal is achieved by management and personnel to ensure safe guarding assets, as well as the attainment of realistic objectives such as operation, reporting and compliance. (COSO, May, 2013) Strong internal controls assist ...view middle of the document...
These activities are carried out at all levels with varying degrees. Examples of control activities include segregation of responsibilities, human resources control, physical control, documentation procedures, establishment of responsibilities and independent internal verification.
4. Information and communication - The management’s responsibility to gather relevant information from external and internal resources in order to then communicate necessary information to the organization and to external parties. Effective communication requires an ability to relay appropriate information to key personnel.
5. Monitoring - Management reviews the organization’s activities periodically to evaluate whether all five internal controls are effective and functioning according to the organizational mission and objectives.
Internal control is most effective when all five components are woven together and work simultaneously. The use of internal controls is not limited to publicly held companies. Below is an application of the COSO internal control framework to a government program.
Naval Reactors Example
Naval Reactors (NR) is the United States Navy’s program responsible for the cradle to grave operation of the Navy’s nuclear reactors. To maintain the safe and reliable operation of reactors, the program has instituted many internal controls. Consistent with the framework discussed above the following provides examples of NR’s internal controls.
1. NR Control Environment - The NR environment was conceived by Admiral Rickover at the very start of the program in 1949. While many attributes set the program’s environment apart from other government programs, the Program’s best example is the prototypical NR engineer. The process by which engineers are selected is rigorous and is perhaps the most defining internal control. The selection process includes a series of five interviews culminating with a one-on-one session with the Admiral. The interviews consist of behavioral questioning, elemental reasoning, and, arguably the most notorious, random yet specific engineering questions. Once selected, the engineers must complete a military officer indoctrination course and a six-month engineering “deep-dive” before finally becoming a productive member of the NR team. This internal control was established by Admiral Rickover to develop the program’s engineering aptitude to a level in which the use of nuclear power could be utilized safely and reliably. While engineering aptitude mitigates some programmatic risk, there are other risks to the viability of nuclear power that must be identified and assessed.
2. NR Risk Assessment - The program has many risks that need to be identified, evaluated, and managed. A microcosm of this internal control can be seen in the project management process of major construction projects (MCP). MCPs are construction projects greater than $10M and are susceptible to any number of risks including, funding...