Nov 13th 2008
By Dave Burt, CPA -
When the owner came to me shortly after I was hired two and a half years ago and told me she wanted me to write control procedures for the company, you know, I was just a little bit surprised. This was a privately owned company and not really subject to all the hoopla surrounding Sarbanes Oxley. Besides, I said, I’m a bean counter, I don’t have experience doing stuff like that. So, I asked, where and how do you want me to start? And, of course, she had no clue. All she knew was that she wanted them done and you know the old saying, “She that has the gold, rules.” I would find out later that she is a board member of some large bank and sat on the audit committee. Maybe she wanted bragging rights.
Okay, so she was no help, so where does one start? Well, I started by looking to see if the company had any written already. I did find one that was a fairly detailed how-to for purchasing a wide range of items and also a whole bunch related to quality control---which I found out I couldn’t conflict with since they were subject to quality audits. You see, I was hoping that I could just morph them into something that would pass for original work. But, here again, I wasn’t that talented or lucky.
As I looked around, I realized that I didn’t know what it was and what it wasn’t. I mean, is a control procedure the same thing as an internal control procedure or different. If different, how was it different? If not so different, how was it not so different? And what are accounting control measures? Are they different or similar? Anyway, you get the idea. I needed a working model or definition or, actually, I needed someone to point the way and do all the work. And, you know that didn’t happen!
I should know this. Wasn’t I an auditor once upon the pre-Lotus times? I searched the deep, dark and dusty recesses of my memory for something that would help me with this project and came up with nothing.
So, I did my research and came up with a definition from COSO’s Internal Control Integrated Framework, 1992. To paraphrase them, internal control was a process designed to provide reasonable assurance in the achievement of 1) effective and efficient operations 2) reliable financial reports and 3) compliance with applicable laws and regulations. That’s fine and dandy, but it doesn’t tell me how to design those damn things. For heaven sakes, man, I needed examples to follow. You know, fill-in-the-blanks sort of stuff. So, back to my research mouse again and, after much toll and trouble, I found the answer right there in front of me, i.e., on my screen. The internet gods have finally answered my prayers! And for only $75 dollars I could have it all! My boss would be so proud and the owner would shower me with much money while I cranked out those control procedures left and right! Yes, old boy, I could just see my career taking off like a rocket into the sky! (To be continued.)