What are entity-level controls?

‍

Entity-level controls are governance and oversight processes that operate at the company or legal entity level — as distinct from transaction-level controls that apply to individual journal entries, invoices, or payments. They set the control environment within which all other financial processes operate.

‍

Examples include: the tone from senior leadership on financial reporting integrity, the existence and effectiveness of an audit committee, the quality of the financial reporting process, the presence of a functioning internal audit function, and the design and monitoring of risk management frameworks.

‍

Why they matter

‍

Entity-level controls are the first thing auditors — internal and external — assess when evaluating the reliability of a company's financial reporting. A strong entity-level control environment provides reasonable assurance that transaction-level controls are working. A weak one means no amount of transactional checking will fully compensate.

‍

For multi-entity organisations, entity-level controls are also relevant to subsidiary governance. Each legal entity needs its own control environment, and those environments need to be consistently designed and monitored from the group level.

‍

The connection to financial close and reporting

‍

In practice, entity-level controls show up in the close and reporting process through: period-end review procedures, sign-off hierarchies, management review of unusual journal entries, and variance analysis at the entity level. Finance platforms that provide audit trails, access controls, and real-time visibility into financial activity across entities strengthen the entity-level control environment materially.

‍

Related: Financial Controls · Audit Trail in Finance · Financial Consolidation · Subsidiary Reporting