Internal Controls for Financial Internal Decision Support Information

Should financial information used for internal decision support have an internal control structure?  This is sometimes a criticism of using financial information not tightly tied to the required financial reports.

This really isn’t a tough question.  The COSO Internal Control Integrated Framework is not written just for Internal Controls over Financial Reporting (though it is often talked about in that way); the Internal Control Framework is written to support controls over all information that is important to an organization achieving its strategic performance goals.

So….if the financial internal decision support models, processes, and information are important to your organization achieving its goals, there should be some internal controls in place to insure the processes are working as designed.  The first control question I would ask most organizations is: Do you have a financial internal decision support model and process?   Most would fail at this point.  But, let’s set the sarcasm aside.

Let’s look at the issue more broadly.  Why are internal controls so vital to financial accounting/reporting information? 

1. Finance and accounting is normally very close to cash which makes fraud easier and more likely.  (Though fraud controls are much different than financial reporting controls in many cases,  see the COSO Fraud Risk Management Guide.)

2. The primary reason is that lots of mistakes can happen deep in accounting systems and processes, and no one would know for a long time.    Things like failures to reconcile and correct many types of general ledger accounts simply can go unnoticed for long periods.  Some issues get quick response such as: Payment errors are usually noticed by a vendor or the part of the organization whose budget paid for something.  Payroll errors, especially under payment, get noticed quickly.

   
   

Why aren’t internal controls as prominent in operational information?

1. Most operational errors or failures are noticed very quickly by a customer or downstream processor.

2. Some, such as quality issues, may be hidden for a while.  But quality is an area of operations that typically has internal controls.

3. Internal controls should be in place to ensure reports are prepared accurately because higher level users may not have a strong connection to the operational reality.

   
   

Where does financial internal decision support information fall?

1. Financial internal decision support information should reflect resources and operations; therefore, if the information is used widely and frequently, errors should be quickly obvious.

2. The information may not need to be controlled, but the processes associated with models should be controlled to avoid hidden errors that will corrupt the information.  For example, if a financial internal decision support model is not updated to reflect operation process changes regularly or key operational data is not updated regularly….difficult to notice errors may creep into the information.

   
   

This blog really covers 2 topics.  The application of internal controls should go well beyond financial reporting in an organization; internal controls should be used around organizational goal achievement and most management and external reporting processes.   And financial internal decision support information and processes need internal controls, but not in the same way as financial accounting information.

Agree?   Disagree?   Have a different perspective? I welcome your thoughts on this topic.