Skip to main content
Rehmann
Pay Bill
Rehmann
Solutions
Audit and AssuranceConsultingFinance and AccountingTaxTechnology ServicesWealth Management View all solutions
No matter the organizational need, our experienced and focused team is ready and eager to help. We invite you to put our expertise to work.
Welcome to the AI Primer: Unraveling the Tapestry of Artificial Intelligence 
Article
Welcome to the AI Primer: Unraveling the Tapestry of Artificial Intelligence 
Update: Corporate Transparency Act Reporting Requirements
Article
Update: Corporate Transparency Act Reporting Requirements
Industries
CannabisConstructionFinancial ServicesHealthcareManufacturingPublic SectorPrivate Equity View industries we serve
We understand where you’re coming from. Rehmann professionals provide expertise in a wide range of industries to help you address challenges and seize opportunities.
Resources
ArticlesGuidesPodcastsWebinars View all resources
Our team is focused on helping clients through consultation and connection. We’re also dedicated to sharing our knowledge and insights. Feel free to browse our wealth of information.
Hold on to Top Talent: Key Strategies That Won’t Break the Bank
Article
Hold on to Top Talent: Key Strategies That Won’t Break the Bank
Webinar
Series: Thriving with AI
About Us
Who We AreLocationsNewsThe Rehmann TeamEventsThe Rehmann Foundation
Our mission is to bring energy, focus, and integrity to every interaction — relentlessly pursuing expertise to accelerate our clients’ and associates’ goals. Take a look at the world of Rehmann.
Resources  >  Articles

Robust internal controls are essential today

Related Solutions: Audit and Assurance

October 27, 2022

Contributors: Thomson Reuters

Abstract: Internal controls have been a hot button issue during the COVID-19 pandemic, especially as remote working arrangements have become more common. Many companies spent significant time assessing and improving internal controls in 2021 — and this audit season, auditors are likely to conduct additional inquiry and testing procedures related to internal controls. This article discusses the importance of evaluating internal controls over financial reporting.

5 Components

A solid system of internal controls translates into more reliable financial reporting and can help companies prevent, detect and correct financial misstatements. In contrast, weak controls can result in costly errors — and even fraud.

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), internal controls should be “designed to provide reasonable assurance [of] the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations.”

COSO lists five components of internal controls:

  1.  Control environment,
  2. Risk assessment,
  3. Control activities,
  4. Information and communication, and
  5. Monitoring.

Companies must continually review and improve internal control performance. AICPA auditing standards also require external auditors to evaluate their client’s internal controls as part of their audit risk assessment procedures. Private auditors tailor audit programs for potential risks of material misstatement, but they aren’t required to specifically perform procedures to identify control deficiencies, unless they’re hired to perform a separate internal control study.

Management letters

Statement on Auditing Standards (SAS) No. 115, Communicating Internal Control Related Matters Identified in an Audit, requires auditors to consider whether controls are sufficient to prevent and detect misstatement, as well as whether they enable management to correct misstatements in a timely manner. Under SAS 115, management letters must identify the following types of internal control deficiencies that have been unearthed during audit procedures:

Material weaknesses. Such shortcomings refer to “a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis.”

Significant deficiencies. This type of concern is “less severe than a material weakness, yet important enough to merit attention by those charged with governance.” Note that a control deficiency is dependent on the potential for misstatement; misstatement need not actually have occurred.

SAS 115 permits significant leeway in how auditors classify internal control weaknesses, such as lack of segregation of duties, inadequately trained accounting personnel, restated prior period financial statements, and material audit adjustments.

When classifying deficiencies as material or significant, auditors evaluate the probability and magnitude of the potential misstatement. They also consider “compensating controls,” which are substitute procedures that limit the severity of a deficiency.

Public company SOX compliance

In addition to SAS 115, Section 404 of the Sarbanes-Oxley Act (SOX) requires a public company’s management to assess its internal control over financial reporting (ICFR). The provision also requires the company’s external auditor to attest to the effectiveness of management’s internal controls.

In addition to increased vulnerabilities caused by remote working arrangements during the pandemic, the following conditions have caused public companies to spend more time checking ICFR than they had in previous years:

  • Accounting standard changes (in particular, the new guidance on credit losses and reporting leases),
  • The use of technology (such as robotic process automation and artificial intelligence) that requires testing of new controls, and
  • Rigorous inspections of controls by the Public Company Accounting Oversight Board (PCAOB).

Strong internal controls aren’t just important for public companies. Privately held companies are often less resilient to frauds caused by weak controls. Plus, they tend to have less sophisticated internal audit and accounting departments than public companies.

We Can Help

Our auditors have seen the best — and worst — in internal control practices. Contact us if you need help brainstorming cost-effective ways to improve your existing internal controls system.

© 2022