Risk Advisory

The Critical Importance of Entity Level Controls to your Organization

September 13, 2021

Corporate governance – broadly, the system of rules, policies, and practices put in place by a company to balance its interests with that of the government and society – is a fundamental tenet of the modern-day business. Entity Level Controls are a key part - and foundation- of Corporate Governance.

What are Entity Level Controls ?

Entity Level Controls are rules, policies and procedures that lay down the desired behaviors of the board members, management team and employees in addressing the financial statement-level risk of a company. The  controls make these key stakeholders accountable for their actions and behaviors. With Board members and management teams driving them at the company level,  Entity Level Controls are also referred to as “Tone at the Top” controls.

Control activities include Mission Statements, Code of Conduct, Code of Ethics, internal audits and  compliance requirements, employee rulebooks and guidelines, Board policies, defined and documented procedures for various functions, stakeholder training programs, etc.

Entity Level Controls comprise Direct Entity Level Controls and Indirect Entity Level Controls.

What are Direct Entity Level Controls ?

Direct Entity Level Controls are controls designed to prevent or detect a material misstatement in the financial statements of a company at the account or disclosure level arising from error or fraud.  They are to ensure that financial statement items are stated fairly and accurately, and that the people responsible for them are held accountable. These Direct Entity Level Controls can be preventive, detective, or both. They are more precise (‘direct’) in scope of action than Indirect Entity Level Controls.

What are Indirect Entity Level Controls ?

Indirect Entity Level Controls are the set of controls relating to the governance, operation , conduct and behaviors of a company and its internal stakeholders. These include  monitoring, control environment and activities, communication, and risk assessment. The visible forms are codes of ethics, conduct and behavior, etc. Unlike Direct Entity Level Controls,  they are not specific to preventing or detecting a material misstatement at an account or disclosure level. Indirect Entity Level Controls are more general (‘indirect’) in their scope of action and act as the foundation for an effective controls environment.

The importance of Entity Level Controls

Entity Level Controls define the organizational culture of the company. They provide the foundation of its operations in terms of both people and process.  They shape how the company is perceived by and how it interacts with external stakeholders. Hence , their importance can not be overstated. Some benefits include:

  • Quality, error-free financial statements and financial reporting
  • Better risk assessment and management, stronger risk mitigation
  • Improved effectiveness and efficiencies in business and operations
  • Lowered reliance on activity- and transaction- level controls
  • Senior, high-quality personnel driving internal controls
  • Strong personnel management through well-defined roles and expectations

How to evaluate Entity Level Controls

Entity Level Controls evaluation can broadly be at two levels

  1. Auditor’s evaluation : Auditors evaluate the company’s Entity Level Controls along the five components of the COSO framework: Control Environment, Risk Assessment, Information and Communication, Control Activities and Monitoring. Based on this they Identify types of potential misstatements, consider factors that affect the risks of material misstatement, and design tests of controls, when applicable, and substantive procedures
  2. Management’s evaluation: The company’s management can evaluate its Entity Level Controls by identifying risks using a top-down approach, studying which entity-level controls are in place to address the identified risks and which are missing, and evaluating the design and effectiveness of each entity-level control as well as how the systems are being maintained and followed up on.

How MBG Corporate Services helps you with Entity Level Controls documentation

The Corporate Governance Advisory Services at MBG include:

  • Code of Conduct: The codified set of standards for every corporation to adhere to. We help you design a proper Corporate Code of Conduct to help minimize risks and enhance returns. This helps build favorable public image as well.
  • Business Partner Selection: Strategic alliances and partnerships deliver significant benefits to the organization by increasing your company’s valuation in the market. We evaluate the compatibility of potential partnerships and advise on the possible risks.
  • Compliance Business Responsibility Policy: Business Responsibility Policy is a disclosure of adoption of responsible business and operation practice by a company. It is mandatory for all companies and should comply with SEBI guidelines. A company’s BPR must be submitted to the government along with its annual report. We take the responsibility to ensure that these guidelines are framed, met, and addressed.
  • Whistle Blower Policy: Any misconduct, malpractice, or dishonesty reported by an employee against another employee or the company, upon being noticed with substantial evidence or valid suspicion is called the whistleblower policy. By framing proper guidelines, you encourage employees to report matters without the risk of substantial victimization or disadvantage.
  • Prevention of Sexual Harassment Policy: The purpose of this policy is to prevent sexual harassment. It lays down certain codes of conduct for men and women to follow regarding what could fall into the category of harassment. This is important to ensure the safety of the employees and a healthy work environment.

What can we help you achieve?

Stay one step ahead in a rapidly changing world and build a sustainable future with us.

Get a quote