Part 1 Section E.1.2. Internal Control 内部統制

Who Cares about Internal Control?

  • Investors
  • External auditors
  • legislative and regulatory bodies
  • Limit and direct employees’ authority and discretion
  • Customers

Internal Control Definition 内部統制の定義

COSOによる定義

Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

Internal Control – Integrated Framework copyright 1992, 1994, and 2013 by the Committee of Sponsoring Organizations of the Treadway Commission
  • Operations objectives relate to the effectiveness and efficiency of operations.
  • Reporting objectives pertain to internal and external financial and non-financial reporting.
  • Compliance objectives relate to the organization’s compliance with applicable laws and regulations.

Fundamental Concepts 基本コンセプト

  1. The purpose of internal control is to help the company achieve its objectives.
    1. Operations
    2. Reporting
    3. Compliance
  2. Internal control is an ongoing process.
  3. Internal control is effected by people.
  4. Internal control procedures can provide reasonable assurance only – not absolute assurance and not a guarantee.
    • reasonable assurance 合理的保証 ⇔ absolute assurance 絶対的な保証
  5. Internal control must be flexible.

How internal control provide reasonable assurance?

  • Segregation of duties
    • assigning different employees to perform function
  • Reconciliation of recorded accountability with assets
  • Safeguarding controls
    • limit access to an organization’s assets to authorized personnel.

Internal control objectives

  • Operations objectives
    • Operations should be as efficient as possible; the company’s resources should be used effectively and efficiently. Assets should be safeguarded against loss.
  • Reporting objectives
    • Internal and external financial and nonfinancial reporting objectives include reliability, timeliness, transparency, and other requirements of regulators, standard setters, or the entity’s policies.
  • Compliance objectives
    • Care should be taken to follow and be in compliance with all applicable laws and regulations to which the company is subject.

Responsible for Internal Control

  • The board of directors is responsible for overseeing the internal control system.
  • The CEO is ultimately responsible for the internal control system and the “tone at the top”.
  • Senior managers delegate responsibility for establishment of specific internal control policies and procedures to personnel.
  • Financial officers and their staffs are central to the exercise of control.
  • Internal auditors pay a monitoring role.
  • All employees are involved in internal control.
  • External parties provide information that is useful to effective internal control.

Transaction Control Objectives

  • Authorization
  • Completeness
  • Accuracy
  • Validity
  • Physical safeguards and security
  • Error handling
  • Segregation of duties

Types of Transaction Control Activities

  • Authorization and approvals
  • Verifications
  • Physical controls
  • Controls over standing data
  • Reconciliations
  • Supervisory controls

Safeguarding Controls

  • Segregation of duties
  • Physical protection and controlled access to records and documents
  • Physical protection measures to restrict access to assets
  • Effective supervision and independent checks and verification

Segregation of Duties

以下の4つの業務は必ず別人が担当すること!

  1. Authorizing a transaction.
  2. Recordkeeping: Recording the transaction.
  3. Keeping physical custody.
  4. The periodic reconciliation.

コメント