Internal control is defined as the whole system of controls, financial and otherwise, established by management in order to carry on the business of the enterprise in an orderly and efficient manner. It is to ensure adherence to management policies, safeguard the assets and secure as far as possible the completeness and the accuracy of the accounting records. It is said that power without control is inefficient. Internal control is to accounting what a feedback loop is to communication systems.
It is the responsibility of management to decide the extent of the internal control system which is appropriate to the business. This would depend on the degree of control exercised by members of management, the nature, size and volume of transactions and the geographical distribution of the enterprise and other factors.
Internal control checklist
The requirements for an effective internal control system in any organisation may consist of the organisational plan of the entity which define and allocate the responsibilities and lines of reporting for each member of staff. Then there is the segregation of duties which ensures that no one person is allowed to record and process a complete transaction. Segregation of duties reduces the risk of intentional manipulation or error and increases the element of checking. Functions that should be separated include those of authorisation, execution, custody, recording, systems development and daily operations.
Another pillar of internal control is the custody of assets, its security and limitation of access to unauthorised personnel. These controls assume importance in the case of valuable, portable, exchangeable or desirable assets like notebook computers. Authorisation controls establishes responsibility levels whilst Arithmetical controls check that transactions are recorded accurately and processed properly. Examples include checking the totals, reconciliations, control accounts and trial balances.
The quality of personnel (competence and integrity) is critical to the success of the organisation. The qualification, selection and training as well as the innate personal characteristics of the personnel involved are important features to be considered in setting up any control system. The final pillar is the supervisory controls exercised by management within and outside the day-to-day routines. They include the review of management accounts, comparison with budgets, the internal audit function and any other special review procedures.
Internal Control Components
The importance of internal control cannot be overemphasized. A strong internal control gives credibility and reliability to the management, operational and accounting systems. Test of control is the paramount test an auditor conducts before undertaking a substantive audit process. The internal control components are as follows:
Control environment primarily relates to the enterprise’s politics, management philosophy, structure, and operating style. It is informed by the human capacity, honesty and integrity, teamwork, supervision and training among other ethical values appropriate for the management information and reporting system.
Risk assessment includes the identification, analysis, and management of risks relevant to the preparation of proper financial statements that are fairly presented in conformity with Generally Accepted Accounting Principles. Possible risks might include internal or external factors that may adversely affect the business’s financial management and reporting. Examples include changes in law and regulations, information systems, new personnel, rapid business expansions, new product lines and accounting systems. It is impossible to eliminate all internal control risks.
Control activities are the policies and procedures that help ensure that management directives are carried out. They may include financial performance reviews, processing information to check the accuracy, completeness of transactions.
Information and Communication
Information and communication refers to the methods and records established to accurately and completely identify, classify, value, record, process, and report all entity transactions and events. It ensures accountability of assets, liabilities, and equity.
Monitoring refers to the long-term assessment of the design and operation of internal control performance on a regular and timely basis. It enables the taking of corrective actions.
Limitations of Internal Control
No internal control system is foolproof. No matter the extent of controls that are instituted in an organisation, there will be instances where it will be breached. The key breakdown in controls will occur when there are fraudulent collusion by staff, abuse of authority levels and human errors due to poor judgment or carelessness.
Internal accounting controls and fraud prevention are receiving increasing attention from businesses, non-profit organisations and governmental entities. No enterprise can exist for long without appropriate internal accounting controls. Unfortunately, in some circumstances, internal accounting control only receives adequate attention after a major public embarrassment, perhaps resulting from negligent loss of assets, mismanagement and erroneous financial recording or reporting or outright fraud.
Internal Control Safeguards
Many accounting resources provide extensive lists of possible internal control safeguards. However, it is more beneficial to understand the basic concept of internal control such as having different employees perform different duties. A typical breakdown of internal control safeguards occurs when one person is allowed to perform a chain of activities with no effective supervision. Proper internal controls would have at least require division of labour with requisite supervisory control.
Internal control is designed to provide reasonable, cost-effective assurance of safeguards against unauthorised access or use of the organisation’s assets. It ensures the efficient, effective and economic use of resources to achieve the objective and goals of the organisation.