Better understanding internal control risk

Better understanding internal control risks

Performing a policy and procedure evaluation is one way to identify such risk. The comprehensive evaluation should address these areas.

Internal control risk is present in all organizations, and organizations of all sizes are looking for ways to better manage such risk. Performing a policy and procedure evaluation is one way to identify risks, such as profit fade or cash leakage.

A financial statement audit is not designed to be a test of the internal control system. One way to identify internal control risk is to perform a comprehensive evaluation of the adequacy and effectiveness of the entity’s internal financial controls, processes and procedures, including a comparison to industry metrics and best practices.

A comprehensive evaluation should address the following areas:

  • Evaluation of existing controls
    To evaluate the suitability of the design of internal control, procedures should be performed to understand controls placed in operation to meet expected objectives. Controls should be documented through an understanding of the processes as they relate to authorization, initiation and recording processing and reporting of a transaction. We will identify and start with key processes such as contracts and cash.
  • Segregation of duties
    Procedures performed by accounting personnel involved in each transaction cycle should be analyzed for possible overlaps that might create a lack of segregation of duties. People should perform functions and have access only to the extent necessary. Based on this analysis, risks can be identified and controls can be implemented to help reduce control risks from a lack of segregation of duties.
  • Identification and testing of financial controls
    The best designed system of controls is only as good as the employees who carry out the controls. In order to corroborate the evaluation of existing controls, a sample of transactions for each set of identified controls is tested to ensure that controls are operating as intended. Again, we start with the key processes and the associated risks.
  • Recommendation for improvements
    Improvement recommendations are given based on identified weaknesses and risks. Results of these procedures are summarized and existing control risks are identified. Results are accompanied by industry best practices or control recommendations to help the organization mitigate future control risk and mature the entity’s control environment.

Financial controls, procedures and processes are a key element of sound fiscal administration. When controls are effective, they can preserve or enhance the fiscal health and wealth of the organization, create efficiencies for staff members and add value for owners.


For more information on policy and procedure reviews, contact Tyler Walden using the information below.

Tyler Walden

Vice President
Assurance Services

Bringing four years of prior financial institution experience to AGH, Tyler Walden now serves clients in a variety of industries, including banking, manufacturing, private equity, vehicle dealerships, aerospace, retailers, agribusiness and energy. Tyler joined AGH in 2013.

He is a certified public accountant and member of the American Institute of CPAs and Kansas Society of CPAs. In addition, he is active in the Community Bankers Association of Kansas, Young Bank Officers of Kansas and a young professionals board member of the Risk Management Association, Kansas Chapter. Tyler earned a bachelor’s degree in accounting and finance from Kansas State University as well as a certificate in integrated investment management. He is a member of Young Professionals of Wichita (YPW) and a graduate of YPW’s Leadership Academy.

Needing access to capital?
See how our audits and reviews can help.