Internal Control

Unit 6. Internal Control

 

6.1 Introduction

A company’s internal control structure consists of the policies and procedures established to
insure that the company’s goals will be achieved.

As a company grows in size, it becomes difficult to maintain control over all phases of operation.
Therefore, management needs to delegate authority and rely on the control structure in order to
achieve adherence to enterprise goals.

6.2  The purpose of internal control

Managers use an internal control system to monitor and control business operations. An internal
control system is all the policies and procedures managers use to:

 Protect business assets from theft and misuse. For example, what can be done to protect
cash from theft and misuse?
 Ensure reliability of accounting records. That is, how reliable and accurate are our
records and reports regarding Accounts Receivable, for instance.
 Promote efficiency of operation. Efficiency means achieving organizational goals by
using as minimum resources as possible.
 And make employees adhere to company policy.

6.3 components of internal control

The internal control structure can be divided in to three elements?

6.3.1 The Control Environment

The control environment of an organization represents the overall attitude and awareness of both
management and employees about the importance of controls.

The control environment is influenced by such factors as management’s philosophy & operating
style, the organizational structure of the business and personnel policies.
 

6.3.2 The Accounting System

The accounting system consists of the methods and records established by management to
identify, record, process and report a company’s transactions, and to provide assurance that the
objectives of internal control are being met.

6.3.3 Control Procedures

Internal control procedures vary from company to company. They depend on the nature of the
business and of its size.

The following are common procedures that you find in the internal control of many
organizations.

6.3.3.1 Requiring Authorization

Management should properly authorize all transactions and activities before they take place.

For example, selling on credit requires management’s approval.

6.3.3.2 Establishing Responsibility

Proper internal control requires responsibility for each task to be clearly established and assigned
to one person. Otherwise, if responsibility is not identified, it is difficult to say who is at fault
(responsible) when a problem occurs.

For example, if we allow two sales clerks to share access to (use) the same cash register, it would
be difficult to take which sales clerk accountable when and if there is a cash shortage.

6.3.3.3 Maintaining Adequate Records

Reliable records are a source of information that management uses to monitor company
operations. For example, when detailed records of office equipment are kept, items are unlikely
to be lost or stolen with out the discrepancy being noticed.

6.3.3.4 Insuring Assets and Bonding Key Employees

Good internal control dictates that assets be adequately insured against causality. In addition,
employees handling cash should be bonded. Bonding an employee means buying an insurance
policy against losses from theft by that employee.

6.3.3.5 Separating Record Keeping From Custody of Assets

A person who controls or has access to an asset must not keep that asset’s accounting records.
This prevents the loss of the asset from theft because the person who has control over the asset
knows that another person keeps records of the asset. The record keeper doesn’t have access to
the asset and therefore, has no reason to falsify records.

For a fraud to be committed in such a system, the two people must agree (-this is called
collusion). Collusion is usually less likely to occur.

6.3.3.6 Dividing Responsibility for Related Tasks (transactions)

In order to ensure that the work of one employee serves as a check on another, responsibility for
a series of related transactions should be divided between two or more individuals (or
employees) or departments.

This is usually referred to as segregation of duties.

For example, no one individual should be authorized to order merchandise, to receive

merchandise, and to pay the supplier. If one employee is allowed to do these all by herself
(alone), she can place orders with a supplier on the basis of friendship rather than price and
quality; convert goods to her personal use; pay false invoices; and so forth.

6.3.3.7 Rotating Duties

It is advisable to rotate clerical personnel periodically from job to job. This would help them
broaden their understanding of the system. In addition and more importantly, they know that
others would in the future perform their jobs (when rotated). This discourages them to deviate
from prescribed procedures because they fear that the employee who takes up their job will
discover it.

6.3.3.8 Applying Technical Controls

Cash register, check protectors, time clocks, mechanical counters, and personal identification
scanners are examples of control devices that can improve internal control.

A cash register has a locked in tape or electronic file, which makes record of each cash sale.

A check protector perforates the amount written on a check in to its face and makes it difficult to
change the amount.

A time clock registers the exact time an employee arrives and leaves from the job.

Mechanical change and currency counters quickly and accurately count amounts.

Personal scanners limit access to some places only to authorized individuals.

6.3.3.9 Performing Regular and Independent Reviews

Regular reviews of internal control systems are needed to ensure that procedure are followed.
Internal auditors who are not directly involved in the operations of the business usually
perform these reviews. This encourages an evaluation on the efficiency and effectiveness of the
internal control system.

6. 4 Technology and internal control

Technology impacts an internal control system in many important ways. Some of these are:

 Technologically advanced systems allow saving time in processing information.

 They allow a regular review and more extensive testing of records as information can be
easily and rapidly accessed.
 Technologically advanced systems reduce the number of errors in processing information
provided the software and data entry are correct.
 They are so efficient these days that they require fewer employees. This makes separation
of crucial responsibilities difficult. The duties of these employees, therefore, must be
monitored to minimize the risk of error or fraud.

6.5  limitations of internal control

No internal control system is perfect. The most serious limiting factors are human error and
human fraud.

Human error can occur from negligence, fatigue or confusion. Human fraud involves a
deliberate act by employees to defeat internal controls for personal gains.

Another important limiting factor of an internal control system is the cost-benefit consideration.
This means that the cost of an internal control system must not exceed its benefits.

We can’t employ an internal control system simply because it is good. We have to weigh its
costs against its benefits.

For instance, not all companies need to computerize their accounting system if the cost of
automating the system is greater than the benefits.

6.6  summary

Internal control consists of the control environment, the accounting system and control
procedures that work in line with the company’s policy to:
 Protect assets from fraud and misuse
 Ensure completeness and reliability of financial statements
 Ensure efficiency of operations and
 Ascertain every employee adheres to the company’s policies