Are you in control? Preparing the internal control documentation required by the COSO framework can be difficult and daunting for some financial institutions. In our work with clients who are preparing to meet COSO requirements, we see a handful of areas banks can address to keep their implementation on track:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring activities
Because the framework is not highly prescriptive about specific internal controls, there are several practical considerations and actions to take that can help you focus on areas that are easily overlooked. Spreadsheet controls, sample sizes, exception monitoring, testing, and commonly missed controls make up the bulk of the what to consider. By focusing your efforts on these areas, you can more efficiently reduce potential audit findings by making changes to your internal control process.
My colleagues and I provide more detail about specifically how and what to address in our white paper "INTERNAL CONTROL OVER FINANCIAL REPORTING: Best Practices & Useful Strategies for Creating an Effective System of Internal Control."
The bottom line? Prepare now to save time -- and potentially reduce audit findings -- later. Once you have your process in place, you won't have to scramble to implement controls during the year you become subject to an integrated audit under SOX 404 / FDICIA. Learn more about improving your institution's internal controls: Download our whitepaper and get ready now!