What are GAAP Internal Controls?

Published July 21, 2020 • 2 min read

Generally Accepted Accounting Principles (GAAP) internal controls are designed to prevent clerical errors and fraud that can compromise the accuracy of an organization’s financial statements. In addition, internal controls can help a company prevent theft of its assets and determine which of its employees are not as productive as they should be.

The Financial Accounting Standards Board’s (FASB) generally accepted accounting principles (GAAP) set the accounting standards that public companies must follow.

United States law mandates that all publicly traded companies, as well as any company that publicly releases financial statements, follow the generally accepted accounting principles, procedures, and applicable laws. 

An organization’s internal control over its financial reporting process offers reasonable assurance regarding the reliability of its financial reporting. Internal control also ensures the preparation of its financial statements for external purposes in accordance with the generally accepted accounting principles.

What does an organization’s internal control over financial reporting entail?

An organization’s internal control over financial reporting includes policies and procedures that:

  • Pertain to maintaining records that accurately and fairly reflect the transactions and dispositions of its assets.
  • Provide reasonable assurance that transactions are recorded as needed to enable the company to prepare its financial statements according to the generally accepted accounting principles. They also provide that only the company’s management and directors authorize its receipts and expenditures.
  • Provide reasonable assurance about the prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that may have a material effect on its financial statements.

The generally accepted accounting principles aim to ensure that the financial statements of the affected organizations are presented in a consistent manner. This is so investors and other interested parties can more easily read and understand the information contained in the statements.

What are the basic principles of internal controls?

The basic principles of internal controls are:

  • Segregation of duties: Separating duties among employees reduces the chance that any one person can commit fraud, and it also creates procedures to double-check work to decrease clerical errors. For example, separating duties means the employee who handles record keeping should not have physical custody of the asset.
  • Access: Physical internal controls ensure that only authorized employees can access company assets. Some common physical internal controls include unique passcodes for workers who run cash registers and key cards for warehouse employees. These physical internal controls may also be digital, e.g., requiring a password to access an organization’s network.
  • Authorization: An organization should establish specific written procedures for financial transactions, including a list of the employees who are authorized to approve which transactions. 
  • Record keeping: A company should back up all its financial statements with general ledger reports or additional schedules.
  • Verification: A manager should regularly review all key general ledger accounts for accuracy. However, the manager must be an employee who did not help prepare the report. Some organizations also use internal auditors to verify the manager’s approval.
