Quality Assurance: A Necessary Ingredient for Internal Control

Management’s ability to fulfill its financial reporting responsibilities often depends on the design and effectiveness of the processes and safeguards it has put in place over accounting. While no control system can absolutely assure that financial reports will never contain material errors or misstatements, companies must discuss how a quality assurance process can substantially reduce the risk of inaccuracies and can lead to an effective system of internal control over financial reporting.

An increased focus on the adequacy of internal control systems by a wide variety of regulators is causing organizations to take a more systematic, risk-focused approach to managing their compliance efforts. A well-designed quality assurance program supports the process by which accounting judgments and estimates are made, and in turn the reliability of the financial reports. Considering the new standards on revenue recognition and lease accounting, it will become even more important for companies to have a robust system of controls. Most companies tend to have their upstream processes such as AP, AR, fixed assets, covered, but it’s the downstream processes such as financial statements, footnotes, and MD&A that are often questioned.

Below are general best practices to discuss internally when executing this strategy:

  • A Quality Assurance (QA) program should be considered when an organization wants to minimize the risk/impact to Financial Reporting, Operations, and Reputation
  • A risk based approach should be utilized when designing and implementing controls as well as establishing your QA program.
  • Build effective relationships with Internal and External Auditors – leverage them as a “sounding board”

QA Key Points:

  • Be sure the individual(s) performing the QA are knowledgeable enough about the organization to identify when items should be questioned further or if the control was performed correctly
  • As part of the QA review process, it is important to document the following:
    • Key attributes or data points reviewed
    • Items requiring additional follow-up
    • Steps taken to address/resolve items requiring follow-up
    • Timely resolution of items requiring additional follow-up
    • Evidence to support the QA individual(s) review and approve the follow-up items have been resolved
    • Include this information as part of the support to evidence the QA review occurred
  • As part of the QA review process, it is also important the individual(s) performing the review validate the underlying data used to perform the control is complete and accurate.  For example, the reviewer can inspect the parameters/filters used to obtain the data from a particular system for accuracy of the data that is included or excluded.

Also, it’s worth mentioning that QA processes are needed at various levels of an organization, and if a company does not have resources, they should outsource competent QA resources. A good independent set of eyes can make all the difference with success in this endeavor.