Internal Controls & Ethics

Level: Beginner | Module: Accounting Foundations | 5 min read | Lesson 7 of 67

Overview

  • What you’ll learn: The principles of internal controls, segregation of duties, the fraud triangle, the Sarbanes-Oxley Act (SOX), and the ethical foundations of accounting.
  • Prerequisites: Lesson 6 — Accrual vs. Cash Basis Accounting
  • Estimated reading time: 16 minutes

Introduction

The Grand Historian records: The annals of accounting are littered with cautionary tales — Enron, WorldCom, Tyco, Wirecard — empires built on fabricated numbers, brought low by the inevitable reckoning. In each case, the failure was not merely technical; it was moral. The ledgers did not cook themselves. Human beings, faced with pressure, opportunity, and rationalization, chose to deceive.

Internal controls and professional ethics are the twin pillars that prevent the treasury from being plundered. Controls create systems that make fraud difficult; ethics create cultures that make fraud unthinkable. Without both, even the most sophisticated accounting system is merely an elaborate tool for concealment.

What Are Internal Controls?

Internal controls are the policies, procedures, and practices an organization implements to:

  • Safeguard assets from theft, loss, or misuse
  • Ensure accuracy and reliability of financial records
  • Promote operational efficiency
  • Ensure compliance with laws, regulations, and company policies

The Five Components (COSO Framework)

The Committee of Sponsoring Organizations (COSO) defines five integrated components of internal control:

| Component | Description |
|---|---|
| Control Environment | The tone at the top — management’s commitment to integrity and ethical values. |
| Risk Assessment | Identifying and analyzing risks that threaten the achievement of objectives. |
| Control Activities | The policies and procedures that carry out management directives (approvals, authorizations, verifications, reconciliations). |
| Information & Communication | Ensuring relevant information is identified, captured, and communicated in a timely manner. |
| Monitoring Activities | Ongoing evaluations to ensure controls are functioning properly. |

Segregation of Duties

The most fundamental internal control principle: no single person should control all phases of a transaction. Divide responsibilities among different people so that one person’s work serves as a check on another’s.

The three functions that must be separated:

  1. Authorization: Approving transactions (e.g., approving a purchase order)
  2. Custody: Physical control of assets (e.g., handling cash or inventory)
  3. Record-keeping: Recording transactions in the books (e.g., making journal entries)

When one person handles all three — authorizing, holding assets, and recording — the opportunity for undetected fraud is enormous. The accountant who approves invoices, signs checks, and records payments can create fictitious vendors and pay himself with impunity.

The Fraud Triangle

Criminologist Donald Cressey identified three conditions that are present in virtually every case of fraud:

  • Pressure (Motivation): Financial difficulties, gambling debts, substance abuse, living beyond one’s means, or unrealistic performance targets.
  • Opportunity: Weak internal controls, lack of oversight, excessive trust without verification, or a position with both custody and record-keeping authority.
  • Rationalization: “I’m just borrowing it.” “The company owes me.” “No one will notice.” “Everyone does it.” The mental justification that makes the act seem acceptable.

Remove any one leg of the triangle, and fraud is far less likely. Internal controls primarily target opportunity — making it harder to commit fraud and harder to conceal it.

The Sarbanes-Oxley Act (SOX)

In 2002, in the smoking ruins of the Enron and WorldCom scandals, the United States Congress enacted the Sarbanes-Oxley Act — the most significant overhaul of financial regulation since the Securities Acts of the 1930s.

Key provisions:

  • Section 302: CEO and CFO must personally certify the accuracy of financial statements. No more “I didn’t know.”
  • Section 404: Companies must document, test, and report on the effectiveness of internal controls over financial reporting.
  • Section 802: Criminal penalties for altering, destroying, or concealing documents to obstruct investigations (up to 20 years in prison).
  • Section 906: Criminal penalties for certifying financial statements known to be inaccurate (up to 20 years in prison).
  • PCAOB: Created the Public Company Accounting Oversight Board to oversee the auditing profession.

Professional Ethics in Accounting

The accounting profession rests on public trust. If investors cannot trust the numbers, the capital markets collapse. The principles set out in the major professional codes include:

  • Integrity: Be honest and straightforward in all professional relationships.
  • Objectivity: Do not allow bias, conflict of interest, or undue influence to override professional judgment.
  • Professional Competence: Maintain knowledge and skill at the level required for competent service.
  • Confidentiality: Do not disclose information acquired in the course of professional work without proper authorization.
  • Professional Behavior: Comply with laws and regulations; avoid actions that discredit the profession.

Key Takeaways

  • Internal controls safeguard assets, ensure accurate records, promote efficiency, and ensure compliance.
  • The COSO framework defines five components: control environment, risk assessment, control activities, information/communication, and monitoring.
  • Segregation of duties separates authorization, custody, and record-keeping among different people.
  • The fraud triangle (pressure, opportunity, rationalization) explains why fraud occurs; controls target opportunity.
  • SOX requires CEO/CFO certification of financial statements and documented internal controls.
  • Professional ethics — integrity, objectivity, competence, confidentiality — are the bedrock of public trust.

What’s Next

In Lesson 8, you will survey the major accounting standards and frameworks — IFRS vs. GAAP, the roles of the FASB and IASB — and understand why the world has not yet agreed on a single set of accounting rules.

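Traditional Chinese

Overview

  • Learning objectives: The principles of internal controls, segregation of duties, the fraud triangle, the Sarbanes-Oxley Act (SOX), and the foundations of accounting ethics.
  • Prerequisites: Lesson 6: Accrual vs. Cash Basis Accounting
  • Estimated reading time: 16 minutes

Introduction

The Grand Historian records: The annals of accounting are full of cautionary tales (Enron, WorldCom, Tyco, Wirecard), all of them empires built on fabricated numbers and ultimately destroyed by the inevitable reckoning. In each case, the failure was not merely technical but moral. The ledgers do not falsify themselves; people, faced with pressure, opportunity, and rationalization, chose to deceive.

What Are Internal Controls?

  • Safeguard assets from theft, loss, or misuse
  • Ensure the accuracy and reliability of financial records
  • Promote operational efficiency
  • Ensure regulatory compliance

The Five Components of the COSO Framework

| Component | Description |
|---|---|
| Control Environment | The tone at the top: management’s commitment to integrity and ethics. |
| Risk Assessment | Identifying and analyzing risks that threaten the achievement of objectives. |
| Control Activities | Policies and procedures such as approvals, authorizations, verifications, and reconciliations. |
| Information & Communication | Ensuring relevant information is identified, captured, and communicated in a timely manner. |
| Monitoring Activities | Ongoing evaluations to ensure controls are functioning properly. |

Segregation of Duties

The three functions that must be separated:

  1. Authorization: Approving transactions
  2. Custody: Physical control of assets
  3. Record-keeping: Recording transactions in the books

The Fraud Triangle

  • Pressure (Motivation): Financial difficulties, gambling debts, performance pressure.
  • Opportunity: Weak internal controls, lack of oversight.
  • Rationalization: “I’m just borrowing it.” “The company owes me.” “No one will notice.”

The Sarbanes-Oxley Act (SOX)

  • Section 302: The CEO and CFO must personally certify the accuracy of financial statements.
  • Section 404: Companies must document, test, and report on the effectiveness of internal controls.
  • PCAOB: Established the Public Company Accounting Oversight Board.

Key Takeaways

  • Internal controls safeguard assets, ensure accurate records, promote efficiency, and ensure compliance.
  • Segregation of duties distributes authorization, custody, and record-keeping among different people.
  • The fraud triangle (pressure, opportunity, rationalization) explains why fraud occurs.
  • SOX requires CEO/CFO certification of financial statements and documented internal controls.

What’s Next

In Lesson 8, you will survey the major accounting standards and frameworks: IFRS vs. GAAP and the roles of the FASB and IASB.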

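Japanese

Overview

  • What you’ll learn: The principles of internal controls, segregation of duties, the fraud triangle, the Sarbanes-Oxley Act (SOX), and the foundations of accounting ethics.
  • Prerequisites: Lesson 6: Accrual vs. Cash Basis Accounting
  • Estimated reading time: 16 minutes

Introduction

The Grand Historian says: The annals of accounting overflow with cautionary tales (Enron, WorldCom, Tyco, Wirecard); empires built on fabricated numbers collapsed under the inevitable reckoning. In every case, the failure was not only technical but also moral.

What Are Internal Controls?

  • Safeguard assets
  • Ensure the accuracy and reliability of financial records
  • Promote operational efficiency
  • Ensure compliance with laws and regulations

The Five Components of the COSO Framework

| Component | Description |
|---|---|
| Control Environment | Management’s stance on integrity and ethical values. |
| Risk Assessment | Identifying and analyzing risks that threaten the achievement of objectives. |
| Control Activities | Policies and procedures for approvals, authorizations, verifications, and reconciliations. |
| Information & Communication | Timely identification, capture, and communication of relevant information. |
| Monitoring Activities | Ongoing evaluations to ensure controls are functioning. |

Segregation of Duties

  1. Authorization: Approving transactions
  2. Custody: Physical control of assets
  3. Record-keeping: Recording transactions in the books

The Fraud Triangle

  • Pressure (Motivation): Financial difficulties, performance pressure.
  • Opportunity: Weak internal controls, insufficient oversight.
  • Rationalization: “I’m just borrowing it.” “The company is to blame.”

The Sarbanes-Oxley Act (SOX)

  • Section 302: The CEO and CFO personally certify the accuracy of financial statements.
  • Section 404: Document, test, and report on the effectiveness of internal controls.
  • PCAOB: Established the Public Company Accounting Oversight Board.

Key Takeaways

  • Internal controls safeguard assets and ensure the accuracy of records.
  • Segregation of duties distributes authorization, custody, and record-keeping among different people.
  • The fraud triangle (pressure, opportunity, rationalization) explains why fraud occurs.
  • SOX requires CEO/CFO certification of financial statements and documentation of internal controls.

What’s Next

In Lesson 8, you will survey the major accounting standards and frameworks: IFRS and GAAP, and the roles of the FASB and IASB.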
