COSO Committee of Sponsoring Organizations of the Treadway Commission
Chapter Summary
Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of internal control. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of relevant external information and provides information to external parties in response to requirements and expectations.
Principles relating to the Information and Communication component
13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Principle 13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
The following points of focus highlight important characteristics relating to this principle:
- Identifies Information Requirements—A process is in place to identify the information required and expected to support the functioning of internal control and the achievement of the entity's objectives.
- Captures Internal and External Sources of Data—Information systems capture internal and external sources of data.
- Processes Relevant Data into Information—Information systems process and transform relevant data into information.
- Maintains Quality throughout Processing—Information systems produce information that is timely, current, accurate, complete, accessible, protected, and verifiable and retained. Information is reviewed to assess its relevance in supporting the internal control components.
- Considers Costs and Benefits—The nature, quantity, and precision of information communicated are commensurate with and support the achievement of objectives.
• Identifies Information Requirements
• Captures Internal and External Sources of Data
Processes Relevant Data into Information
Maintains Quality Throughout Processing
• Considers Costs and Benefits
Extensive information is available to management and comes from a wide variety of sources. For information to be relevant, it must be directly aligned to management's needs and responsibilities for overseeing external financial reporting and monitoring the internal control system. A process for identifying information requirements and building an inventory enables management to focus attention on information that directly supports its needs.
To achieve this, financial management defines common categories and types of information that are aligned to external financial reporting objectives and related risks as specified by management. From these categories, financial management identifies relevant information from both internal and external sources that are best suited to management's needs. Financial management creates an inventory of information and maps each item to one or more members of management that have a role in external financial reporting. This inventory is then used to assign responsibility to personnel for gathering the required information.
The following diagram illustrates key categories and types of information senior management may require in support of external financial reporting objectives:
Over the past year, a network of healthcare providers, NetHealth, has experienced significant growth in the number of patient visits. This has created challenges at the medical offices in capturing adequate information for the central processing group. The central processing group relies on adequate information to track and record information on patient visits, which in turn is used to update insurance reimbursement limits and to bill patients and insurance companies.
The management organization overseeing NetHealth recognizes that timely, relevant information is needed to support control activities and keep each physician office in the network up-to-date on patient activities, insurance arrangements, and billing and collection activities. Consequently, the COO has hired an advisor to interview members of the central processing group, receptionists, nurses, doctors, and others who work in physicians’ offices across the network. From these interviews, the advisor provided the following:
- Summary of the end-to-end activities of typical patient visits
- Identification of the information requirements to be gathered during each visit
- Definition of roles and responsibilities for information gathering to allow the central processing group to update patient records and process bills accurately and in a more timely fashion
- Identification of data flow challenges that were impacting financial transaction processing and control activities
Management is now developing guidelines for gathering information during patient visits. To reduce the costs of distributing the guidelines to each office in the network, the IT manager is building a section on the network's website where the guidelines will be available and where updates and comments can be posted.
The management at Rahmany Marine Group has effectively adopted the use of narratives, flowcharts, data flow diagrams, and procedures manuals to document the end-to-end process flows that support the corporate internal control and financial reporting. These documents are produced so that information about these processes can be easily understood by users throughout the company, including the IT team, finance and accounting specialists, systems developers, support personnel, and auditors. This documentation allows these personnel and other users to identify the source of data, responsible personnel, storage locations, source systems, relevant transformation processes and quality checks, and the primary users.
The data flow diagram below illustrates part of the company's purchasing cycle. (Note: The following data flow diagram does not depict a complete account of all the information needs for the example. It does depict the flow of information at a high level, but keep in mind that additional detailed specifics would be included in corresponding narratives, or additional flow diagrams or flowcharts would show a level deeper.)
Identifies Information Requirements
• Captures Internal and External Sources of Data
• Processes Relevant Data into Information
Maintains Quality Throughout Processing
Considers Costs and Benefits
Finance personnel often rely on publications, events, and other information from external parties to gather information relevant to performing their responsibilities. The sources of data and information vary depending on the specific role and responsibilities of the individual. Sources of information may include:
- Subscriptions to industry publications and regulatory updates
- Participation in industry conferences, trade shows, and other events
- Regular communications, both verbal and electronic, with suppliers, customers, or third-party service providers
- Membership and participation in relevant organizations
- Subscription to third-party mailing lists and social media feeds (e.g., podcasts and blogs) that pertain to the industry and company
- Industry research reports
- Peer industry calls and financial filings
Finance personnel evaluate the external information gathered and incorporate significant events, trends, and changes into their day-to-day financial reporting or related internal control responsibilities. In addition, finance personnel ensure that any announcements about changes to current accounting standards or regulatory requirements are summarized, reviewed, and disseminated to the others within the external financial reporting organization.
J.J. Power Utility Corp. offers a learning and development program that includes guidelines and funding for finance and accounting personnel to attend external training and conferences. These activities help employees achieve their ongoing professional educational requirements, maintain their relevant certifications, and develop new skills. The external training also provides information about new or changed accounting, disclosure, and internal control requirements, as well as best practices important to J.J. Power Utility's business. To supplement the external training sessions, finance and accounting personnel also subscribe to relevant accounting publications.
Accounting and finance personnel meet regularly with the internal audit department to review and update internal accounting and control policies and procedures based on the information gathered. In addition, they meet with the CFO to pass on any new information and to discuss the impact on financial reporting and policies and procedures. Accounting and finance managers update policies and procedures to reflect the impact of the new information.
Mandela & Co., a distributor of electronics products, engages in tens of thousands of high-volume, low-dollar transactions with customers and suppliers. Historically, sales orders and invoices for purchasing transactions have been entered and validated through a combination of manual and semi-automated processes.
To reduce time, costs, and errors caused by human intervention, management has implemented electronic data interchange (EDI) to replace the original process. Relevant information about key business transactions is now automatically populated into the company's ERP system, and automated validation checks are in place to confirm that information is transmitted completely and accurately. As well, the information generated through the EDI process is also available to production managers, order management, and billing personnel, which allows them to perform control activities to support proper end-to-end transaction processing, including creating the corresponding accounting entries.
• Identifies Information Requirements
• Captures Internal and External Sources of Data
Processes Relevant Data into Information
• Maintains Quality Throughout Processing
Considers Costs and Benefits
External financial reporting objectives are impacted by non-financial activities that occur throughout the business. Information about new events, changes, or significant trends is needed to support accounting, disclosure, and internal control activities. Therefore, senior accounting and finance personnel meet at least monthly with management and personnel in other areas of the business—such as operations, human resources, compliance, and product development. During these meetings, information is gathered verbally and in writing on business events and trends. Topics may include:
- New or lost significant customers, suppliers, or other stakeholders
- Rate and impact of employee turnover
- Unexpected trends, whether negative or positive
- Indications of unethical or improper behavior
- Budget versus actual and forecast expectations
- Contractual, compliance, or regulatory issues
- Customer or supplier complaints
- Findings from internal audit reports
Accounting and finance personnel summarize the information gathered and meet with the appropriate member of senior management to evaluate the impact on the financial statements, internal control effectiveness, or changes needed to policies and procedures.
Juan Fernandez is the chief accounting officer of Friesens Fresh Foods, a perishable food supplier company. He is responsible for evaluating inventory reserve balances as part of the monthly close process.
Significant changes in purchase commitments, inventory usage trends, product configuration preferences, and cycle count results have impacted the judgments and estimates made in applying the inventory reserves policies. Consequently, Mr. Fernandez now obtains and reviews reports from the company's ERP system to identify unusual or unexpected trends, changes in balances or volumes of transactions, and other relevant details. He then meets monthly with department heads of customer service, procurement, inventory management, and logistics (who oversee third-party warehouses) to collect additional information about customers, products, inventory, and balances.
Based on these meetings, Mr. Fernandez reviews inventory reserve policies, documents key data points that impact prior estimates, and prepares an updated analysis supporting inventory reserve requirements. The CFO of Friesens then reviews and approves the analysis as part of her review of the related journal entries during the month-end closing cycle.
Laccona Electronics, a manufacturer of electrical equipment and components, is responsible for complying with environmental regulations associated with the company's manufacturing processes, including handling raw materials and operating production plants. Laccona's customer contracts include provisions for monetary damages in cases where products are determined to be unsatisfactory as a result of compliance audits performed by environmental agencies. In addition, if the audits are unsatisfactory—that is, they indicate any non-compliance with regulations—Laccona may incur significant fines.
Arlene Gomez, the company controller, obtains monthly reports on operational and compliance metrics from the chief operating officer. In addition, she reviews periodic internal audit reports on the company's adherence to policies and procedures related to environmental compliance. She uses this information to assess reserve requirements or disclosures associated with damages provisions. Finally, she summarizes relevant information and meets with the CFO quarterly to determine whether changes in accounting estimates and financial statement disclosures are needed.
• Identifies Information Requirements
• Captures Internal and External Sources of Data
• Processes Relevant Data into Information
• Maintains Quality Throughout Processing
Considers Costs and Benefits
Senior management establishes a policy for handling information that is gathered, produced, and shared throughout the company. The policy is designed to facilitate the efficient capture, use, and reuse of relevant information supplied to management and personnel across the company.
Management and employees in external financial reporting roles follow procedures for identifying and categorizing information. These procedures require that attributes about each piece of information be recorded before the information is accepted into the repository. The attributes may include:
- Information owner
- Expected users
- Sources (including systems and people)
- Criticality
- Frequency
- Process supported
- Retention period
The information repositories are subject to control activities that help ensure the completeness, accuracy, security, validity, and lack of redundancy of the information.
International Food Distributors has recently completed an enterprise-reporting project to identify and inventory information used across the company for external financial reporting and related internal control. The results of the project were used by the chief information officer and chief financial officer to design a company-wide data warehouse and reporting tools that would support a single source for financially relevant information.
- The first phase of the project involved creating an inventory of the existing reports identifying relevant sources and eliminating non-critical and redundant reports.
- The second phase involved designing and implementing the functional and technical capabilities needed to capture and store data used to generate relevant information. This includes the consideration of automated control activities around completeness, accuracy, restricted access, and validity of the data and information generated.
- The third phase involved training end users on techniques for effective input and extraction of information and reports from the data warehouse using reporting tools.
- The final phase involved designing and implementing operating procedures and control activities over the data warehouse and reporting tools to ensure the completeness, accuracy, restricted access, and validity of the data and information input and reports generated.
As a result of the project, International Food Distributors has a well-defined inventory of reports, improved data, and a more efficient process for capturing and using information for external financial reporting.
• Identifies Information Requirements
Captures Internal and External Sources of Data
• Processes Relevant Data into Information
• Maintains Quality Throughout Processing
Considers Costs and Benefits
Management designs its computer applications to capture data from internal and external sources, transform the data into information, and maintain the quality of the data and information throughout processing and reporting. The activities relating to capturing and processing data about financial transactions (e.g., initiate/enter, authorize, record, process, and report) are documented in company policies and procedures manuals. The application design includes automated application controls such as input checks for existence and validity and output checks for completeness and accuracy. It also is supported by technology general controls.
Insight Media, Inc., a publishing company, recently implemented the purchasing and payables module of its existing ERP system. The key goals were to improve data quality, reduce manual handoffs through automation, and improve information flow and visibility into purchasing transactions.
The implementation project team was led by the controller, who was supported by employees involved in the purchase to payables process. Workshops were held to confirm the current end-to-end process and identify important information about sources of transactions, key data requirements, risks to financial reporting, and information required for accounting and reporting. The project team used the results from these workshops to review the ERP module's capabilities for automating tasks and controls such as:
- Checking that data input was valid, complete, and accurate to electronic sources
- Passing data between the related transactions to minimize data entry and improve data consistency
- Automatically recording the accounting transaction upon data input
- Automatically reconciling the payables subsidiary ledger to the general ledger
- Generating exception and analytical reports
As a result of the implementation, management of Insight Media gained access to more accurate, complete, and timely information to perform internal controls over the evaluation of accounting entries and disclosures for accounts payable and accrued expense balances, purchasing commitments, and expected cash balances.
The following flowchart was created as a result of the above procedures and assisted management in identifying the relevant information.
Identifies Information Requirements
Captures Internal and External Sources of Data
• Processes Relevant Data into Information
• Maintains Quality Throughout Processing
Considers Costs and Benefits
Senior management establishes a data governance program to support the company's objectives of ensuring reliability of information used in support of internal controls and external financial reporting. Senior management formalizes policies, procedures, and responsibilities for data and information management considering the volume, complexity, and demand for rapid capture and dissemination from multiple sources. The data governance program includes policies and procedures for:
- Assigning roles and responsibilities between a central data management group, business functions, and IT
- Validating sources of information
- Establishing data-quality requirements before accepting sources into the information system
- Accessing rights to underlying data and related information produced through processing
- Protecting data during transmission and storage
RightChoice Pharmacy, Inc., a national drugstore chain, obtains significant data underlying transactions recorded in point-of-sale systems located at each retail store. Data underlying credit card transactions is sent immediately to the credit card company and to RightChoice's internal data warehouse. Daily reports are produced from the data warehouse and used to prepare reconciliations of payments due from the credit card companies.
The chief information officer and the credit and collections manager have designed and implemented continuous transaction monitoring software to support their data and information quality efforts. This software helps management to verify accounts receivable balances each day and to avoid time-consuming month-end reconciliations by quickly identifying data anomalies. Targeted data queries allow the software to identify duplicate entries, unusual transactions, missing data, and incomplete data transfers. Additionally, continuous monitoring software enables data analysis used to support control activities to detect potential indicators of fraud.
• Identifies Information Requirements
• Captures Internal and External Sources of Data
Processes Relevant Data into Information
• Maintains Quality Throughout Processing
Considers Costs and Benefits
Senior IT management establishes policies to define categories of data and assign requirements for securing and retaining the data. These policies support management and employee responsibilities for securing information from unauthorized access or change and for adhering to retention and data destruction requirements. The senior data administrator develops processes and repositories to carry out the data classification policy. Data classification requirements are communicated to personnel responsible for transaction processing through periodic reminders on important internal control responsibilities. Important to this process is considering the benefits and costs to manage and store information and the relative value of the information to the entity.
Bio-Adaptive, Inc., a global life science and chemical manufacturer, has developed standard operating procedures to identify, classify, and secure sensitive information, including financial information, throughout the data and information life cycle (input, processing, output, storage). These procedures include, but are not limited to:
Bio-Adaptive, Inc., a global life science and chemical manufacturer, has developed standard operating procedures to identify, classify, and secure financial data and information across the entity and the stages of information life cycle (input, processing, output, storage). As part of these procedures, personnel:
- Confirm adherence to standard operating procedures
- Identify financial data and information that requires restriction of access and retention in order to meet reporting requirements
- Assign appropriate data security categories to sensitive financial data and information when input into the information system
- Review automated application controls that support security, privacy, and storage of financial data and information based on the data security category input
- Review periodically that sensitive financial data and information have been properly categorized
Freedom Corp., a financial services firm, has a process to tag financial data during transaction processing based on criteria established in the company's data classification policy. Business and IT personnel who are involved in detailed transaction processing are trained in data entry to support accurate and complete classification, tagging, storage, retention, and disposal.
This process reduces the time required to format, organize, and report data. It also enables the company to tag data through eXtensible Business Reporting Language (XBRL). XBRL enables Freedom Corp. to meet certain external financial reporting requirements and to perform comparative analyses to historical, competitor, and projected financial data.
Copyright © 2013 – 2016 Committee of Sponsoring Organizations of the Treadway Commission and the American Accounting Association. All Rights Reserved. Use of materials is subject to COSO's Policy of Acceptable Use.