The accomplishments of a business should be determined by how efficiently its managers handle risk. Successful risk management therefore helps to shield the company from losses caused by inadequate accounting practices, errors, or fraudulent activities. Internal control methods start with upper and lower management and the approach that management espouses throughout the company. The controller's job is to be accountable for the accounting operations of the business by overseeing the accounting department. Responsibility for cash and risk management also falls under this job function. Manager duties include implementing the policies and procedures used within the company; these policies and procedures are used to build the structure found within the internal control environment. Good controls can protect managers from problems that can arise when verifying financial statements used in yearly reports, because once these reports are published, they become an image of the establishment’s internal controls. Internal reporting options are necessary for keeping investors and regulators informed, and they show how the company operates and how controls are in place.
Internal reporting should include the Committee of Sponsoring Organizations of the Treadway Commission (COSO), Integrated Framework (workflow), document management, real-time compliance, and data mining tools. The Sarbanes-Oxley Act of 2002 made an effort to address a number of companies’ weaknesses. It has an important provision (Section 302 or 404) that states that certain key companies certify the financial statements. The controller will have to ensure these rules are enforced. These reports will indicate whether the financial statements are reported in compliance with generally accepted accounting principles. The reports will be used to convey useful evidence about the company to decision makers who may not see it in the financial statements (Louwers, T. J., et al., 2007, Chapter 2).
Defining the risk evaluation criteria should begin with a review of significant background information. The controller will look at the strategic or operational plans that form the business objectives of the organization, the legal requirements, regulations, and standards the company must comply with, and other risk management processes. The controller should also develop an understanding of existing managerial risk limits established by liability, operational plans, and insurance-related issues. The comptroller will define evaluation criteria by discussing areas of impact, determining what constitutes high, medium, and low risk to the organization, and then recording this information. Information that should be recorded includes productivity, finances, reputation, and legal penalties; other risk measures are probabilities or a threat profile, because risk factors are continually changing (Alberts and Dorofee, 2014).
Many chief executive officers (CEOs) and CFOs of public companies are aware of their obligations to certify the competence of their establishment's internal controls throughout its financial reporting. They can sometimes inadvertently put their information technology (IT) controls on the back burner by