We’ve heard it referred to as the “tone at the top.” The character and behavior of an entity’s management sets the standard for other personnel. Despite elaborate codes of conduct, sanctions and whistle-blowing provisions, employees will follow their leaders. Even when leaders use the “do as I say, not do as I do” philosophy of management, subordinates will do as their leaders do.
From the five elements of internal control developed by the Treadway Commission in the late 1970s, we recognize management’s role as the “control environment.” The control environment of an entity is the backbone of its internal control. The smaller the entity, the more directly management’s practices affect control risk. The existence of key, or entity level, controls performed diligently by an owner or manager can reduce control risk, even when there is limited or no segregation of duties.
Key controls, such as inspecting supporting documents when signing checks or receiving and reviewing bank statements before a bookkeeper reconciles an account, can provide some assurance that misstatements due to error or fraud will not go undetected. In other words, control risk can be less than high!
Based on the assumption management’s integrity is high, a simple matrix attached illustrates a good system of internal control for a small entity. Do you believe these controls can be audited? Why or why not? Post your comments below.