Chapter 7 Sarbanes-Oxley, Internal Control, and Cash 309Internal control can safeguard assets by preventing theft, fraud, misuse, or mis-
placement. One of the most serious breaches of internal control is employee fraud.
Employee fraudis the intentional act of deceiving an employer for personal gain. Such
deception may range from purposely overstating expenses on a travel expense report
to embezzling millions of dollars through complex schemes.
Accurate information is necessary for operating a business successfully. The safe-
guarding of assets and accurate information often go hand-in-hand. The reason is that
employees attempting to defraud a business will also need to adjust the accounting
records in order to hide the fraud.
Businesses must comply with applicable laws, regulations, and financial reporting
standards. Examples of such standards and laws include environmental regulations,
contract terms, safety regulations, and generally accepted accounting principles
(GAAP).Elements of Internal Control
How does management achieve its internal control objectives? Management is
responsible for designing and applying five elements of internal controlto meet the
three internal control objectives. These elements are (1) the control environment,
(2) risk assessment, (3) control procedures, (4) monitoring, and (5) information and
communication.^5
The elements of internal control are illustrated in Exhibit 2. In this exhibit, these
elements form an umbrella over the business to protect it from control threats. The5 Ibid., 12–14.Control Threats
BusinessManagementControl
ProcedureControl
EnvironmentRisk AssessmentInformation and
CommunicationMonitoringExhibit 2
Elements of Internal
Control