A description of control techniques and or issues that may or may not be in a company's financial statement.
Control normally refers to internal control, and Sarbanes Oxley requires that a study of internal control be conducted as part of a financial statement audit process. The need for control and accountability is part of corporate governance, and begins at the top with the Board of Directors and the Audit Committee.
Part of the study of internal control is a risk assessment which can be used to design and develop cost-effective controls. If the control environment is operating satisfactorily to minimize risk, and it is being monitored sufficiently, the disclosure in the financial statements will be minimal.
This section deals with negative disclosure: when there is a failure in the system of internal control, it will be disclosed in the financial statements as possibly a qualified opinion or a disclaimer of opinion. If not so drastic, there could be disclosure in the footnotes, or in management information normally provided as part of the annual report.
To demonstrate control techniques or issues which are more informational, I viewed parts of two annual reports for examples.
This is from Caterpillar's Dec 2007 annual report http://yahoo.brand.edgar-online.com/DisplayFiling.aspx?dcn=0000018230-08-000052:
MANAGEMENT'S REPORT ON
INTERNAL CONTROL OVER FINANCIAL REPORTING
The management of Caterpillar Inc. (company) is responsible for establishing and maintaining adequate internal control over financial reporting. Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of our financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. Our internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Management assessed the effectiveness of the company's internal control over financial reporting as of December 31, 2007. In making this assessment, we used the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in Internal Control?Integrated Framework . Based on our assessment we concluded that, as of December 31, 2007, the company's internal control over financial reporting was effective based on those criteria.
The solution discusses internal control issues in general including the control environment, risk assessment and disclosure in the financial statements.
Following are excerpts from the annual reports of two publicly traded companies which address internal control and risks. It is worthy of comment that the information disclosed has an entirely different focus between the two companies, but then their businesses bear no similarity to one another. One is domestic fashion apparel; the second is international heavy machinery.