Internal controls protect the company’s assets as well as their shareholders’ investments in the company. Therefore, the SEC requires companies to report on internal controls as part of Management’s Report of Responsibilities.
The Committee of Sponsoring Organizations (COSO) of the Treadway Commission defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding achievement of objectives in the following categories:
- compliance with applicable laws and regulations;
- effectiveness and efficiency of operations;
- reliability of financial reporting.”
The COSO emphasizes the importance of the company’s top management’s values and integrity. Top management will set the course in which the rest of the company’s employees follow. Their operating style and ethical values influences the rest of the company’s behavior. They themselves must set a good example and work by a high ethical standard.
In addition to management’s incorruptibility, COSO recommends internal controls should be monitored regularly and updated when necessary in order to remain highly effective components of a company.
COSO advises the report of internal controls summarizes the following information:
- the type of controls reported on
- the inherent limitations of the internal controls in place because no system is foolproof and without fault
- the established procedures for supervising controls and for reacting to any known deficiencies
- concluding remarks about the control system and details about its shortcomings
Along with the recommendations of the COSO, the Sarbanes-Oxley Act also states its requirements for the formal reporting on the effectiveness of internal controls.