The Fluffiness of Entity Level Controls

Internal controls are pretty black and white generally, which is why compliance testing can be oh-so-satisfying:  It’s either operating or it’s not.  It either passes or it fails.  There is either evidence, or there isn’t.  We got all kinds of tried and true sampling methodologies, and hey, if that’s not enough, we can even test the whole darn population sometimes.

But when it comes to entity level controls and corporate governance, things get soft and fluffy (but not cuddly) fast.  Sure, some of them are still pretty straightforward (existence of an annual budget creation process!).  But then we start to get into fostering of the corporate mission, upholding the code of conduct, keeping fair promotion practices, and it’s like trying to stuff a cloud into a box.

Why do regulatory bodies put so much emphasis on organizational leaders for something so amorphous and so invisible?  Because the overall philosophy and high-level beliefs are what shape the company.  The company culture is defined by management and then it seeps down into everything from product and sales, to support and spending, to how we compete and how we treat customers.

It’s hard to quantify yet deeply felt by every person.  We tend to model ourselves to be like those around us.  We take cues from our leaders and perceive what they do as the best and most appropriate way to behave.  So when we talk about entity level controls, it must start at the very top – the board and management.  What they value trickles down to become what everyone else in the organization will value and work toward.  And that is why many companies, as tricky as it may be, work hard to design a set of internal controls that assesses the current state of culture against where the organization strives to be.