Kral Ussery LLC, Certified Public Accountants
TX Office: (817) 416-6842
NV Office: (702) 565-2727

Controls

Paving a trail of advice and support services to best reach objectives:

  • Operational, Reporting & Compliance
  • Internal Controls over Financial Reporting (SOX-404)
  • Information Technology General Controls
  • Entity-Level Controls via the COSO Frameworks
  • Cybersecurity Accountability
  • Control Design, Documentation & Testing

Control Activities

Control activities mitigate risks to help ensure that operating, reporting and compliance objectives are met. A lapse in awareness, judgment, or action can prove disastrous. Identifying proper controls for your size, industry and operating environment is essential for success. While financial reporting controls often garner much of the attention, controls are necessary to help reach all corporate objectives, including regulatory compliance and strategic planning initiatives.

Internal Controls over Financial Reporting (SOX-404)

Popularized by Section 404 of the Sarbanes-Oxley Act (SOX), internal control over financial reporting (ICFR) continues to demand a lot of attention, and costs.  Specifically, U.S. public companies must include in their annual 10-K report as filed with the SEC, a report entitled Management's Annual Report on Internal Control Over Financial Reporting (Annual Report on ICFR). There are four disclosure requirements to the Annual Report on ICFR as follows:

  1. A statement of management's responsibility for establishing and maintaining adequate ICFR for the registrant;
  2. A statement identifying the framework used by management to evaluate the effectiveness of the registrant's ICFR;
  3. Management's assessment of the effectiveness of the registrant's ICFR as of the end of the registrant's most recent fiscal year, including a statement as to whether or not ICFR is effective; and
  4. If the registrant is an accelerated filer or a large accelerated filer, or otherwise includes in its annual report a registered public accounting firm’s attestation report on ICFR, a statement that the registered public accounting firm that audited the financial statements has issued an attestation report on the registrant’s ICFR.

This effort, like any, involves risks and opportunities. Done correctly, management’s assessment of ICFR will help keep the company within the good graces of the SEC, investors, creditors and other stakeholder groups. However, this involves understanding and applying the wide variety of controls that collectively define ICFR. This includes entity-level controls, manual accounting controls, IT general controls and software application controls. The Kral Ussery team brings a complete set of tools and knowledge base to assist management in virtually any aspect of the ICFR evaluation.

Information Technology General Controls and Cybersecurity Accountability

Robust IT general and application controls are critical for any organization.  We apply a variety of frameworks, including COSO’s Internal Control – Integrated Framework and ISACA’s Control Objectives for Information and Related Technologies (COBIT framework) in helping clients design and test their IT controls.  This includes access, security (i.e., cybersecurity) and change management that often rise to the top of external auditors’ concerns in evaluating risks.  Cybersecurity is one of the hottest topics in boardroom and management circles, and rightfully so.  We can help you develop an effective cybersecurity risk management strategy.

Entity-Level Controls via the COSO Frameworks

The heartbeat of strong controls is clearly in the hands of people. While the movement to automate controls has appropriately gained momentum in an effort to reduce testing efforts and maximize operating effectiveness, the majority of entity-level controls rely upon people. Investing in your people and culture, which is the essence of entity-level controls, is a company’s safest bet to avoid material weaknesses and gain cost efficiencies. Competent people working within a healthy control environment will do more to reassure your external auditors than anything you can provide on the costly documentation front.

Entity-wide controls include the control environment, risk assessments, information, communication and monitoring activities. This includes the infamous “tone-at-the-top.” Indeed, it is ultimately people who establish and oversee company objectives and the underlying controls to reach them. Unfortunately, the reality is that many companies continue to struggle on this front. Here are some suggestions in addressing risks through control assessments:

  • Begin with entity-level controls
  • Hire the right caliber of people and give them the tools to succeed, including training and mentoring
  • Commit to a schedule of periodic risk assessment sessions that include robust brainstorming amongst a diverse range of managers and process owners
  • Look for red flags, such as: disgruntled employees, missed deadlines, concerns of overwhelming workloads, confusion over roles, high staff turnover, and excessive absences
  • Invest in monitoring activities since controls tend to deteriorate over time when there is little or no monitoring

The Internal Control – Integrated Framework, created by The Committee of Sponsoring Organizations of the Treadway Commission (COSO), is by far the most common framework used by SEC registrants for evaluating ICFR. We believe that this is an extremely powerful framework for addressing all types of controls, including entity-level controls.

Boardroom Controls

As the shareholders’ eyes and ears on management, the board of directors must provide oversight to help ensure corporate objectives are met. Many governance experts agree that while board members should not be micro-managing their companies, they should ensure sufficient monitoring of management’s key decisions and actions. Kral Ussery LLC understands these dynamics and works with boards and their committees to provide a healthy degree of monitoring through special reviews, controls and internal auditing.

Boards must keep a pulse on the most significant risks to the entity’s business model as well as executive management performance. Likewise, the C-Suite needs to know what risks may be hidden from view today that can cause problems tomorrow. All board members and managers with governance, risk and compliance responsibilities need to be comfortable that their controls are well established and operating as designed. The proper alignment of people, process, technology and data is essential in growing shareholder value. We work with boards and management teams in helping ensure that controls are effective through robust design, accountabilities and communications.

Board and Committee Assessment Tools

While many tools exist for evaluating boards, most of them simply evaluate whether the organization meets basic fiduciary or regulatory requirements. Compliance with legal regulations is a must, but boards wishing to make a real difference need to set the bar even higher.

Kral Ussery offers a suite of board-evaluation tools ranging from self-administered questionnaires to anonymous surveys and facilitated sessions. Our tools assess entire boards, whether statutory or advisory, individual directors, or specific committees such as audit, compensation and nominating. Our evaluations address critical success factors such as:

  • Culture
  • Independence
  • Accountability
  • Stakeholder relationships
  • Director expertise
  • Risk awareness
  • Code of conduct
  • Orientation and training
  • Management oversight
  • Information dependency
