Big4Guy

Sarbanes Oxley requires a companies management to make an assessment of internal controls over financial reporting. Now, how does a company's management go about assessing internal controls over its financial processes. Different companies are adopting different approaches for assessing internal. I had the opportunity to help many companies set up a step by step plan for assessing internal controls. Though there are many ways of doing it, what may work for one setup may fail for another. Below, you would find 5 steps which normally many companies adopt for assessing internal controls.

1. Planning and Scoping the Evaluation - The first step involves establishing the internal control evaluation process. Project scope, approach, milestones, timelines, resource planning, determining significant accounts, and significant locations are some of the things which occur in the first stage.

2. Documenting Controls - The second stage starts with documenting design of internal controls over relevant assertions relating to significant accounts and disclosures.

3. Evaluating Design and Operating Effectiveness of Controls - Design and operating effectiveness of controls is evaluated in the third stage with the output being documented results of evaluation.

4. Identify, Evaluate and Remediate Deficiencies - Control deficiencies identified using the results of evaluation are consolidated, assessed and corrected.

5. Report on Internal Controls - Lastly, based on the above four steps, a report on internal controls is made which is a written assertion of the effectiveness of internal control over financial reporting.