Internal control is a system that the company has defined and implemented under its responsibility, aimed to ensure:
- compliance with laws and regulations;
- application of instructions and policies set by General Management or the board of directors;
- smooth functioning of the company’s internal processes, notably those aiding to protect its assets;
- reliability of financial information.
In general terms, the internal control contributes to the control of the company’s activities, to the efficiency of its transactions and to the efficient use of its resources.
It is each company’s responsibility to implement a system of internal control fitting its situation. In the framework of a group, the mother company ensures the implementation of internal control in its subsidiaries. These systems should be adapted to their own characteristics and to the relationships between the mother company and its subsidiaries.
Internal auditing is a profession and activity involved in advising organizations regarding how to better achieve their objectives. Internal auditing involves the utilization of a systematic methodology for analyzing business processes or organizational problems and recommending solutions
The internal audit function is an independent and objective activity, which assures a company of the degree of control over its transactions, provides advice to improve them and contributes to create added value.
Focused on the company’s major objectives, the internal control purpose concerns the evaluation of all the company’s processes, functions and transactions, and more precisely the management processes of risks, control and governance. It helps the company to reach its objectives by evaluating, with a systematic and methodical approach, its management processes of risks, control and governance, and by developing proposals to reinforce its efficiency.
Company obligations vs legislation
Following the recent high profile failure of certain companies, regulators have significantly reinforced laws and rules concerning the publication of financial information and the internal controls over company activities (Sarbanes Oxley laws in the USA, Financial Security Law in France, directives of the Financial Markets Authority, …).
The Sarbanes-Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted 2002-07-30), also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox; is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of the affected companies collapsed, shook public confidence in the nation's securities markets. Named after sponsors Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley (R-OH), the Act was approved by the House by a vote of 334-90 and by the Senate 99-0. President George W. Bush signed it into law, stating it included "the most far-reaching reforms of American business practices since the time of Franklin D. Roosevelt."
The Financial Security Law of France (known in France as LSF or Loi de sécurité financière), signed by the Minister of Finance, Francis Mer, was adopted by the French Parliament on July 17, 2003 in order to strengthen the legal provisions relating to corporate governance. The LSF was published in OJ No. 177, August 2, 2003 (No. 2003-706 dated August 1, 2003).
Similar to the American Sarbanes-Oxley Act, the Financial Security Law of France rests mainly on:
- An increased responsibility of leaders
- A strengthening of internal control
- A reduction in the sources of conflicts of interest
These laws require companies not only to take an interest in financial figures, but also in the conditions of their control environment. This has led to a consequent increase in the attributions and responsibilities of internal audits in companies that face multiple rules, worldwide activities, training and consciousness of operational employees, and managers wanting to obtain precise information on the risks incurred.