Discussion:
The 3 most essential internal controls, in my opinion, are risk assessment, environment and monitoring of controls. Something as precarious as internal controls needs to be monitored as closely as possible due to how critical that process is to the health of the company. In the cases of Enron and WorldCom, both companies were exhibiting faulty business practices starting directly with the companies leaders. This coupled with erroneous accounting led to a downward spiral of lies and failure.
Risk assessment gives a realistic evaluation of challenges a company faces. This covers vast risk categories but at least clearly establishes what dangers a company needs to look out for. Environment creates the culture by which the company will likely comply by. If the top executives are doing something shady, it will simply make it so all can behave unorderly and it's ok. This applies to any aspect of a business and not just accounting. Lastly, monitoring of controls is critical to internal controls. This is when either internal or external auditors get used to provide additional help to monitor practices for companies. In the Enron case, their external audior, Arthur Andersen firm, was also in on the fraudulent activity. While Laws have since been introduced to guard against that level of fraud anymore, it is still something that carries so much weight in ensuring accuracy. Ethics is a key role in order to demonstrate the most effective internal controls.
Here are my three picks for Internal Controls used within firms:
1) Control Procedures -- I firmly believe that every business should have control procedures in places such as locked cash boxes (for small businesses) and/or lock-box systems with the bank (for large companies); encryption and firewall systems if your business conducts online sales like Walmart.com; electronic data interchange (EDI) that automatically sends purchase orders to vendors when inventory supplies run low; burglar, fire alarms and security cameras; fidelity bonds providing reimbursements when internal and external does theft occur, etc.
2) Monitoring of controls by internal or external auditors are the most essential aspect of the internal control system for which Sarbanes Oxley (SOX) is to remain effective. Auditors are there to catch overlooked or intentional mistakes by corporate management and report on the completeness of the company financial statements. They also run company audit reports and prepare the most critical documents for the SEC to ensure the safety of external users such as banks, creditors, investors, and the common individual.
3) Thorough documentation is another major priority of internal control procedures for top firms. Checks, invoices, purchase orders, and other critical source documentation should be pre-numbered to prevent theft and any gaps in numbering should draw closer scrutiny and examination. Further, before any journal entries are made, the accountant or bookkeeper should request to see original source documents such as receipts, invoices, and cancelled checks, and any hesitation to provide such evidence should trigger such professionals and/or management to probe further.