The success of an organization can be attributed to the effectiveness of it controls. Enabling this effectiveness is the organizational culture intentionally developed and nurtured by leaders that promotes an appreciation and application of organizational controls. These controls include policies and procedures that collectively are referred to as internal control and are needed to reasonably assure the objectives of producing reliable financial reports, performing operations effectively and efficiently, and complying with applicable laws and regulations.1
Internal control is only able to reasonably assure the aforementioned objectives of an organization because of the limitations that exist in designing and implementing a system of internal control. Limitations include the problem of costs versus benefits, the possibility of collusion among employees, and the potential for management to override the same controls they were instrumental in designing. However, those limitations do not provide excuses for an organization failing to design and implement an appropriate system of internal control given its size and complexity. In fact, Ellen White reinforces the import of this matter by stating: “For evils that we might have checked, we are just as responsible as if we were guilty of the acts ourselves.”2
The financial policies of the Seventhday Adventist Church require each organization within the family of entities to have a system of internal control that is appropriately designed, documented, implemented, communicated, and is monitored by the highest level of governance in that organization.3 With management and governance of an organization collaborating to comply with what the financial policies require, it will be important to recognize that shared religious beliefs can provide a false sense of comfort regarding internal control. Religious organizations are at greater risk to experience impairing effects on the design and operation of their internal control because of a propensity to extend trust within the organization at the expense of oversight. Put more bluntly, religion in the workplace can create the environment for fraud to develop. 4
There are 17 principles that guide an organization in its design and implementation of an effective system of internal control. For internal control to be effective, these principles need to be both present and functioning in an organization. The following table summarizes the 17 principles as grouped to the relevant component of internal control:
Although the effort to design appropriate internal control that is adequate to the size and complexity of an organization may seem daunting, the process can be reduced to a sequence of three simple questions:
1. What is the objective?
2. What is the risk that the objective may not be achieved?
3. What is the control needed to mitigate that risk?
The first question relates to the three objectives of internal control— those being to reasonably assure reliable financial reports are produced, operations are performing effectively and efficiently, and there is compliance with applicable laws and regulations. Determining the risk that any or all of these objectives may not be achieved requires management and governing boards to identify and implement the most appropriate control to mitigate that risk. The menu of controls available to implement include having adequate segregation of duties, proper authorization of transactions, adequate documents and records, physical control over assets and records, and independent checks on performance. In selecting segregation of duties as the control to mitigate risk, it must be remembered that the same person should not be able to initiate the transaction, authorize the transaction, record the transaction, while at the same time have custody of the asset being used to fulfill the transaction.
Engaging in the ongoing process of ensuring that internal control is appropriately designed, documented, implemented, communicated, and monitored is an essential activity for management and governing boards seeking to be faithful stewards of God’s resources. To illustrate that engaging in this process can be less daunting that it may appear to be, an example of how to apply the sequence of three questions is provided below toward the objective of reasonably assuring reliable financial reports:
So far in this series of articles we have examined how the attitudes and actions of steward leaders play an essential role in promoting organizational stewardship, explored the important role of organizational culture in building the currency of confidence, and examined the principles and process of internal control that is required for every church organization. In the next article, financial oversight committees will be addressed as another aspect of organizational controls and the role they play in building confidence inside and outside the organization.
1 ISA 265 promulgated by the International Auditingand Assurance Board (IAASB) at https://www. ifac.org/system/files/downloads/a015-2010-iaasbhandbook- isa-265.pdf.
2 Ellen G. White, The Desire of Ages (Boise, Idaho: Pacific Press Pub. Assn., 1940), p. 441.
3 General Conference Working Policy, S 04.
⁴ C. P. Koerber and C. P. Neck (2006), “Religion in the Workplace: Implications for Financial Fraud and Organizational Decision Making,” Journal of Management, Spirituality & Religion 3 (March 2015): pp. 305-318.
⁵ Internal Control—Integrated Framework (2013), www.coso.org.