Name : Cecilia Stephanie Agussalim

Student ID : 2001036049
Class : KBI – AKT
Courses : Auditing 2

INTERNAL CONTROL
Internal control can be interpreted as a regulation or activity carried out and implemented
by an organization to maintain the integrity of financial information, promote accountability, and
prevent fraud.

There are several objectives of this internal control system, namely :

1) Achieve company goals that have previously been set.
2) Produce reliable company financial reports.
3) Ensuring company activities are in line with applicable laws and regulations.
4) Prevent losses or waste of company resource processing.
5) Maintain company finances.
6) Encouraging efficiency in the company's operational activities.
7) Ensuring compliance with policies or regulations that have been made by company
management.

There are four principles that guide the internal control system auditor, namely :
• Management Responsibility, all processes of the internal control system are responsible
for management.
• Methods of Data Processing, the internal control system must be able to achieve its goals,
regardless of the data processing method used.
• Limitations, this internal control system has several obstacles to its effectiveness such as
the occurrence of errors, changing conditions, and policies by management
• Reasonable Assurance, the internal control system must be able to provide reasonable
assurance, which means that the price for achieving a goal is not greater than the benefits.
The following are examples of activities from internal controls, namely :
1) Segregation of Duties, meaning distributing work to different people to prevent errors and
minimize incompatible activities.
2) Physical Controls, meaning direct control of equipment, supplies or money, for example
using locks or safes to protect them.
3) Reconciliations, meaning that transactions are recorded and managed by more than two
different people so they can be compared to keep transaction details accurate and correct.
4) Policies and Procedures, implementing policies and procedures to ensure consistent
performance at the required quality level.
5) Transaction and Activity Reviews, create financial reports to monitor performance
against goals, look for problems, and identify trends.
6) Information Processing Controls, when data is processed many variations of internal
control are carried out to check the accuracy, completeness and authorization of the
transaction.

Broadly speaking, internal control activities are divided into two, namely preventive and detective
controls :
• This Preventive Control aims to prevent errors in documentation and authorization,
examples of preventive controls are separation of duties, authorization of invoices, and
verification of expenses.
• This Detective Control is in the form of a backup procedure that is used to catch missed
events on the first line of defense, examples of detective control are reconciliation, external
audits, and internal audits of assets.

Internal Control Components, The Committee of Sponsoring Organizations of the Treatway

Commission (COSO) identified five components of internal control which include :
1) Control Environment
The control environment is the foundation of all other internal control components
that make an organization disciplined and structured. The control environment includes the
atmosphere of the organization and the attitude of management and employees towards the
importance of existing controls in the organization.
 2) Risk Assessment
Risk assessment is the identification, analysis and management of an organization's
risks. A risk that has been identified can be analyzed so that actions can be estimated to
minimize it.
3) Control Procedures (Control Activities)
Control procedures are policies or procedures created to ensure the achievement of
company goals and prevent fraud.
4) Monitoring
Supervision is a process for assessing the quality of an organization's internal
control performance. Supervision is carried out to find deficiencies and improve the
effectiveness of internal control.
5) Information and Communication (Information and Communication)
Information is required from outside the company. Management can use this
information to assess external standards. Communication involves providing a clear
understanding of individual roles and responsibilities related to internal control over
financial reporting.

Internal control responsibilities vary from organization to organization.

For example, in a small business the responsibility for internal control rests with the
business owner, whereas, in a slightly larger business the responsibility for internal control also
rests with the employees because the business owner does not get enough time to carry out internal
control. However, in a large organization, there are teams of people specially hired to perform
internal control in various departments of the organization.
In large organizations, responsibility rests primarily with management and the board of
directors. The top managers of an organization are primarily responsible for implementing internal
control. In small organizations, the top managers or business owners take part in the internal
control process, however, in large organizations, the top managers only assume the role of leader
and assign the responsibility for performing internal control to different employees.
Some of the advantages of internal control can include :
• Internal controls are accessible to a limited number of trusted top-level employees. The
fewer people involved, the easier it is to monitor their actions and guard against
irregularities.
• Properly designed and executed internal controls increase efficiency by making
transactions transparent to any business unit that requires them.
• When internal controls balance between providing transparency and driving efficiency,
internal controls protect employees from allegations of misappropriation or
misappropriation of funds.

Possible disadvantages of internal controls include :

• There is no foolproof way to ensure that employees do not override those controls because
human behavior is an unpredictable element in the internal control process.
• If a company plans poorly or misapplies its internal controls, employees who use them can
become frustrated and apathetic about enforcing them.
• If a company's internal controls are too rigid, it can hinder the flexibility a company needs
to make operational changes as needed to remain effective.