Internal Control Frameworks
Compliance models. Internal controls are processes that are designed to offer reasonable levels of assurance that objectives can be met in several important areas, including the reliability and security of financial reporting, the efficiency and effectiveness of operations, and legal and regulatory compliance. Many versions of compliance models exist that can serve as the foundation for organizational compliance initiatives. These compliance models are more suitable for certain industries than for other industries. The following description explores two compliance models and identifies relevant industries in which the models could be successfully employed.
Domain model for internal controls compliance. A close relation exists between business process management (BPM) and internal controls management (Namiri & Stojanovic, 2007). The process of constructing the architecture between the two entities entails identification of the significant accounts in the company and identification of the business processes that affect the accounts (Namiri & Stojanovic, 2007). Control objectives are identified for each business process and the risks that the enterprise faces are linked to relevant control objectives (Namiri & Stojanovic, 2007). When the domain model has been designed and executed based on the risk assessment, the set of controls will prevent or detect the occurrence of the identified risks (Namiri & Stojanovic, 2007). The domain model is appropriate for any business enterprise that is subject to the Sarbanes-Oxley Act (SOX), particularly where database technology is utilized.
CobiT framework model for internal controls compliance. The IT Governance Institute's Control Objectives for Information and related Technology (CobiT) is a commonly used framework for achieving compliance (Pabrai, 2006). The model is comprehensive and utilizes controls designed to ensure that business practices and regulatory requirements are aligned (Pabrai, 2006). The CobiT framework is a turnkey model that assures compliance readiness as regulations change (Pabrai, 2006). A noteworthy attribute of the CobiT framework is compliance with the Committee of the Sponsoring Organizations of the Treadway Commission -- which facilitates the ability of enterprises to meet SOX requirements (Pabrai, 2006).
What Are Controls?
Addressing material weakness. When an internal control is not sufficient to prevent substantive irregularities -- such as in financial statements -- it is considered to ineffective and a material weakness. The reference to material weakness is an acknowledgement that the ineffective control can lead to a material misstatement in the financial statements provided by a company. It is entirely possible that the control is not a good match for the risk, which would indicate a flaw in the compliance control model. Changes can be made to the compliance control model that adjusts or substitutes the control, such that the material weakness is eliminated or diminished to an acceptable level of risk.
Five Categories of Controls
The rationale for internal controls has matured from one that strictly focuses on compliance to a one that recognizes the gains in value proposition to be had by enterprises that develop a compliance control plan and master the execution of controls and monitoring. To whit,
You’re 85% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.