Internal Control

A company’s internal control structure consists of the policies and procedures established to insure that the company’s goals will be achieved.

As a company grows in size, it becomes difficult to maintain control over all phases of operation. Therefore, management needs to delegate authority and rely on the control structure in order to achieve adherence to enterprise goals.

 

Managers use an internal control system to monitor and control business operations. An internal control system is all the policies and procedures managers use to:

• Protect business assets from theft and misuse. For example, what can be done to protect cash from theft and misuse?
• Ensure reliability of accounting records. That is, how reliable and accurate are our records and reports regarding Accounts Receivable, for instance.
• Promote efficiency of operation. Efficiency means achieving organizational goals by using as minimum resources as possible.
• And make employees adhere to company policy.

 

The internal control structure can be divided in to three elements?

 

6.3.1 The Control Environment

The control environment of an organization represents the overall attitude and awareness of both management and employees about the importance of controls.

The control environment is influenced by such factors as management’s philosophy & operating style, the organizational structure of the business and personnel policies.

 

6.3.2 The Accounting System

The accounting system consists of the methods and records established by management to identify, record, process and report a company’s transactions, and to provide assurance that the objectives of internal control are being met.

 

6.3.3 Control Procedures

Internal control procedures vary from company to company. They depend on the nature of the business and of its size.

The following are common procedures that you find in the internal control of many organizations.

6.3.3.1 Requiring Authorization

Management should properly authorize all transactions and activities before they take place.

For example, selling on credit requires management’s approval.

6.3.3.2 Establishing Responsibility

Proper internal control requires responsibility for each task to be clearly established and assigned to one person. Otherwise, if responsibility is not identified, it is difficult to say who is at fault (responsible) when a problem occurs.

For example, if we allow two sales clerks to share access to (use) the same cash register, it would be difficult to take which sales clerk accountable when and if there is a cash shortage.

6.3.3.3 Maintaining Adequate Records

Reliable records are a source of information that management uses to monitor company operations. For example, when detailed records of office equipment are kept, items are unlikely to be lost or stolen with out the discrepancy being noticed.

6.3.3.4 Insuring Assets and Bonding Key Employees

Good internal control dictates that assets be adequately insured against causality. In addition, employees handling cash should be bonded. Bonding an employee means buying an insurance policy against losses from theft by that employee.

6.3.3.5 Separating Record Keeping From Custody of Assets

A person who controls or has access to an asset must not keep that asset’s accounting records. This prevents the loss of the asset from theft because the person who has control over the asset knows that another person keeps records of the asset. The record keeper doesn’t have access to the asset and therefore, has no reason to falsify records.

For a fraud to be committed in such a system, the two people must agree (-this is called collusion). Collusion is usually less likely to occur.

6.3.3.6 Dividing Responsibility for Related Tasks (transactions)

In order to ensure that the work of one employee serves as a check on another, responsibility for a series of related transactions should be divided between two or more individuals (or employees) or departments.

This is usually referred to as segregation of duties.

For example, no one individual should be authorized to order merchandise, to receive merchandise, and to pay the supplier. If one employee is allowed to do these all by herself (alone), she can place orders with a supplier on the basis of friendship rather than price and quality; convert goods to her personal use; pay false invoices; and so forth.

6.3.3.7 Rotating Duties

It is advisable to rotate clerical personnel periodically from job to job. This would help them broaden their understanding of the system. In addition and more importantly, they know that others would in the future perform their jobs (when rotated). This discourages them to deviate from prescribed procedures because they fear that the employee who takes up their job will discover it.

6.3.3.8 Applying Technical Controls

Cash register, check protectors, time clocks, mechanical counters, and personal identification scanners are examples of control devices that can improve internal control.

A cash register has a locked in tape or electronic file, which makes record of each cash sale.

A check protector perforates the amount written on a check in to its face and makes it difficult to change the amount.

A time clock registers the exact time an employee arrives and leaves from the job.

Mechanical change and currency counters quickly and accurately count amounts.

Personal scanners limit access to some places only to authorized individuals.

6.3.3.9 Performing Regular and Independent Reviews

Regular reviews of internal control systems are needed to ensure that procedure are followed. Internal auditors who are not directly involved in the operations of the business usually perform these reviews. This encourages an evaluation on the efficiency and effectiveness of the internal control system.

 

6. 4 Technology and internal control

Technology impacts an internal control system in many important ways. Some of these are:

• Technologically advanced systems allow saving time in processing information.
• They allow a regular review and more extensive testing of records as information can be easily and rapidly accessed.
• Technologically advanced systems reduce the number of errors in processing information provided the software and data entry are correct.
• They are so efficient these days that they require fewer employees. This makes separation of crucial responsibilities difficult. The duties of these employees, therefore, must be monitored to minimize the risk of error or fraud.

 

No internal control system is perfect. The most serious limiting factors are human error and human fraud.

Human error can occur from negligence, fatigue or confusion. Human fraud involves a deliberate act by employees to defeat internal controls for personal gains.

Another important limiting factor of an internal control system is the cost-benefit consideration. This means that the cost of an internal control system must not exceed its benefits.

We can’t employ an internal control system simply because it is good. We have to weigh its costs against its benefits.

For instance, not all companies need to computerize their accounting system if the cost of automating the system is greater than the benefits.

 

Internal control consists of the control environment, the accounting system and control procedures that work in line with the company’s policy to:

• Protect assets from fraud and misuse
• Ensure completeness and reliability of financial statements
• Ensure efficiency of operations and
• Ascertain every employee adheres to the company’s policies