Corporate Compliance
Corporate Compliance
Internal control means different things to different people. This causes confusion among businesspeople, legislators, regulators and others. Resulting miscommunication and different expectations cause problems within an enterprise. Problems are compounded when the term, if not clearly defined, is written into law, regulation or rule. (COSO, 2006) Internal control over financial reporting has always been a major area in the governance of an organization, and this importance has been magnified in recent years. This tool is intended to give audit committees basic information about internal control to understand what it is, what it is not, how it can be used most effectively in the organization, and the requirements of management with respect to the system of internal control over financial reporting. (AICPA, 2006)
UTC delivers a premium internal audit service that enables its business segments to achieve superior performance. UTC seeks effective risk management, identify opportunities for enhanced efficiencies, foster compliance and facilitate constructive change. The aim of corporate governance at UTC is an ethical culture in which 100 % compliance with laws and regulations is the standard. UTCs internal audit teams conduct risk-based audits and recommend strategic solutions to the UTC business units. These controls are designed to provide reasonable assurance that the Corporation’s assets are safeguarded, that transactions are executed in accordance with management’s authorizations and that the financial records are reliable for the purpose of preparing financial statements. In making its assessment, management has utilized the criteria set forth by the Committee of Sponsoring Organizations (COSO) of the Tread way Commission in Internal Control — Integrated Framework. Management concluded that based on its assessment, UTC’s internal control over financial reporting was effective as of December 31, 2006. (2006, UTC)
Internal control consists of five interrelated components. These are derived from the way management runs a business and are integrated with the management process. The components are:
Control Environment -The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. (COSO, 2006)
Risk Assessment – Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. (COSO, 2006)
Control Activities – Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entitys objectives. (COSO, 2006)
Information and Communication – Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. (COSO, 2006)
Monitoring- Internal control systems need to be monitored–a process that assesses the quality of the systems performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. (COSO, 2006)
If there were no controls in our manufacturing process, the product would not perform as expected once it reached the consumer. Due to having controls in place each manufactured unit is put through a vigorous cycle of testing. With each process of the operation inherent risk is involved. No matter what steps are incorporated in the process, missteps will occur due to human error and machinery breakdowns that can occur. Machinery malfunctions can cause risk to increase likewise. Controls are capable of ensuring that manufacturing