1

Internal control
Internal Check
Internal check is a system where work of one individual is checked by the other in
the staff. Internal check is a valuable part of the internal control.
In other words, internal check is an arrangement of staff duties where no one is
allowed to carry out and record every aspect of a transaction single handedly. When
a transaction goes through the hands of multiple people, the possibilities of errors
and frauds are reduced.
Benefits / Aims of internal checks
• To fix responsibility of a definite persons for particular acts. This is done by
the segregation of tasks.
• To obtain confirmation of facts and entries, physical and financial, by the
creation and preservation of necessary records.
• To facilitate the “breakdown” of routine procedures that there is an even flow
of work and work doesn’t stop in the event of absenteeism of a person.
• To reduce to a minimum the possibility of fraud and error.

Auditors duty with respect to internal check system

The auditor should apply a few test checks, i.e. he should check
- a few transactions on a random basis; or
- check fully the accounts for a few months, and carry out a thorough check of the
whole of a certain class of transactions taking place during that particular period
The existence of a good internal check system reduces (to a great extent) the work
of the auditor but does not reduce his liability.
Checklist
Check list is usually a comprehensive list of all the aspects of internal check system,
designed to draw attention to important aspects of the system of internal check.
 2

Internal Control Questionnaires

The internal check system questionnaire is a list of systematically and logically
prepared questions designed to evaluate the effectiveness of the internal check
system.
The questionnaire is as comprehensive as possible to make sure that all aspects and
accounting transactions are covered.
During the course of the audit (pre-commencement of audit), statutory auditor
submits the questionnaire to the management, to which the managerial officials
respond. The replies by concerned official will help the auditor to form an opinion as
to the adequacy and reasonableness of the internal check system.
Distinction between checklist and questionnaire

Cut off procedures

• Cut-off procedures are adopted to allocate revenues and costs to the proper
accounting period.
• Accounts payable and accounts receivable are the most susceptible to
recording of transactions in the wrong accounting period.
• Serially numbered documents like invoice for sales or purchase bills are
allocated to the respective accounting periods by establishing cut-off points
based on the serial numbers.
• Cut-off procedures require detailed testing by the auditor so as to ensure
proper accounting of assets and liabilities, which may arise without the
corresponding physical delivery of goods taking place.
 3

Internal control system has two elements – internal check and internal audit.
Internal Control = Internal Check + Internal Audit
 4

Examination in depth/auditing in depth: “walk through test”

Steps of in-depth analysis
• Fixation of the maximum tolerable error limit/desired confidence level /
materiality.
• Selecting a few transactions in each area of audit to be checked.
• Verification of those selected transactions - 100% by verifying the accounting
aspects, internal control aspects, documentation and audit trail.
• Audit trail refers to the documents, records, books and files, which enable an
auditor to trace a transaction from its source till it is summed up, recorded
and presented in an accounting report.
• Analysis of the results with the maximum tolerable error limit.
Internal Control
The internal control system comprises all the methods and procedures adopted to:
- assist in achieving the objective of efficient conduct of business,
- ensure adherence to management policies,
- safeguarding of assets,
- prevention and detection of frauds and errors, and
- checking the accuracy and completeness of the accounting records.
Internal checks and internal audit are integral parts of the overall internal control
system.
Essential elements of an internal control system
• Financial and other Organizational Plans: These plans specify the various
duties and responsibilities of both management and staff, stating the powers
of authorisation that reside with various members.
• Competent Personnel: In any internal control system, personnel are the most
important element. When the employees are competent and efficient in their
assigned work, the internal control system can be worked and operated
efficiently and effectively even if some of the other elements of the internal
control system are absent.
• Division of Work: This refers to the procedure of division of work properly
among the employees of the organization. Each and every work of the
 5

organization should be divided in different stages and should be allocated to

the employees in accordance with quality and skill.
• Separation of operational responsibility from record keeping: If the
operations department of an organization is being asked to prepare its own
records and reports, there may be a tendency to manipulate results for
showing better performance. So in order to ensure reliable records and
information, record- keeping function is separated from the operational
responsibility of the concerned department.
• Separation of the custody of assets from accounting: To protect against
misuse of assets and their misappropriation, it is required that the custody of
assets and their accounting should be done by separate persons.
• Authorization: In an internal control system, all the activities must be
authorized by a proper authority, depending upon the criticality of the ask
and seniority of the approving authority.
• Managerial supervision and review: The internal control system should be
implemented and maintained in conformity with the environmental and
elemental changes of the concern.

Objectives of Internal Control

Operations related Objectives

Compliance: To have compliance with law and the accounting practices generally
accepted and followed in the country.
Reliance: To increase the reliance on the internal systems, people and accounting
practices followed by the organization, so that the chances of frauds are reduced.
Security: To provide security to customers, employees and property of the
organization. Physical security systems like security guards, locks and anti-theft
devices are used for providing protection.
Increased efficiency: To assist in human resource and performance management,
and to keep proper control over business activities to achieve maximum levels of
efficiency.
 6

Review and correction: To review the working of the business, locate weak points in
operations and to take corrective measures for proper working.
Authorization: To provide proper authority for purchase, sale, valuation, verification
and possession of assets.
Delegation: To provide for division of duties among the employees where all staff
members work cohesively.
Setting future Corporate Goals: An efficient system of internal control helps the
organization in goal setting. However, the organization should have certain policies,
rules and regulations in place to achieve the preset goals.

Objectives related to Accounts and audit

Conformity with accounting principles: To conform to the basic accounting
concepts, and principles that was governing an organization.
Evaluation: To evaluate the accounting system for proper authorization of
transactions.
Accurate planning: To ensure that the auditors and the accountants of the
organization make all the financial reports correctly and to ensure that financial
planning is done accurately.
Objectives with respect to resources of the organization
Resource utilization: To ensure that all the resources: Man, Material, Money and
Machines of the organization are optimally used.
Safeguarding of resources: To protect the resources of the organization against
mismanagement or fraud and to ensure that the company’s activities are in
accordance with laws and regulations.
Safeguarding: To safeguard the organization’s accounts, employees and assets by
formation of fool-proof policies, rules and regulations.

Advantages of Internal Controls

Attainment of goal & Objectives: A sound internal control helps the entity towards
the attainment of goal & objective of the business.
 7

Reliable financial Information: A sound internal control helps the organization to

set reliable financial information for managerial decision making.
Compliance with law & Regulations: Sound Internal control system ensures various
compliance with laws & regulation prevailing in the country
Efficient & Effective & Economical operation: A sound internal control system
ensures efficient and effective operations that accomplish the goals of the
organizations and protect employees and assets of the business. It ensures that the
resources are utilized only for their intended purposes.
Prevention of fraud & errors: A sound internal control system prevents and detects
frauds and errors and ensures timely preparations of financial statements and
various reports for decision making.
Safeguard from irregularities or misappropriations: A good internal control
system errors the protection of organisation resources from misappropriation and do
safeguard from any irregularities.
Employees’ satisfaction: It protects the interests of employees by segregation of
duties and delegation of responsibilities.

Disadvantages of Internal controls

Organizational Structure: Deficiencies in organizational structure make internal
control ineffective.
Size of the Organization: Small organizations have very low levels of internal
control, which are almost negligible due to more interference by owners and
management.
Unusual Transactions: The internal control procedures normally fail to keep a check
on unusual transactions.
Costly: The implementation of internal control procedures and processes involves
incurring costs in terms of time, effort and resources.
Abuse of Power: Members at the top-level management may override/interfere with
control.
 8

Collusion of two or more People: It may lead to internal controls being over-
ridden.
Obsolescence: Control system may become redundant with passage of time if not
updated with change in the size and nature of business.
Potential for human error: Due to misunderstanding of the concept of internal
control human errors may occur while carrying out Internal Control System.
Frequent follow-up measures: Follow-up procedures need to be frequent to ensure
its effectiveness, which is extremely time-consuming.

Types of Internal Control Systems

Preventive Controls are designed to discourage errors or irregularities from

occurring. They are proactive controls that help to ensure departmental objectives
are being met.
Examples of preventive controls are:
- Segregation of Duties: Duties are segregated among different people to reduce
the risk of error or inappropriate action. Normally, responsibilities for authorizing
transactions (approval), recording transactions (accounting) and handling the related
asset (custody) are divided amongst different clerks.
- Approvals, Authorizations, and Verifications: Management authorizes employees
to perform certain activities independently and without any approval from the
superiors. However, management specifies those activities or transactions that need
supervisory approval before they are performed or executed by employees. A
supervisor’s approval (manual or electronic) implies that he or she has verified and
validated that the activity or transaction conforms to established policies and
procedures.
- Security of Assets (Preventive and Detective): Access to equipment, inventories,
securities, cash and other assets is restricted; assets are periodically counted and
compared to amounts shown on control records.

Detective Controls are designed to find errors or irregularities after they have
occurred.
 9

Examples of detective controls are:

- Reviews of Performance: Management compares information about current
performance to budgets, forecasts, prior periods, or other benchmarks to measure
the extent to which goals and objectives are being achieved and to identify
unexpected results or unusual conditions that require follow-up.
- Reconciliations: An employee relates different sets of data to one another,
identifies and investigates differences, and takes corrective action, when necessary.
- Physical Inventories
- Audits
Corrective Controls target at the correction of errors and irregularities as soon as
they are detected. Steps in Internal Control consists of:
- Control Environment: Establish Integrity & ethical value.
- Assessment of Risk: Establishment of plan to prevent risks.
- Control Activities: Formulating policies & procedures.
- Information & communication: Evaluation of employee performance.
- Monitoring: Assessing overall performance of the Organisation.
Nature of Internal Control
• It is an essential pre-requisite for efficient and effective management of any
organization.
• It is, a primary responsibility of every management to establish and maintain
an adequate system of internal control appropriate to the size and nature of
the business of the entity.
• As per SA 265 - “Communicating deficiencies in internal control to those
charged with Governance and Management”, the auditor should report the
deficiencies, if any, observed during the course of audit, to management.

Responsibilities of management and auditor w.r.t. the internal controls

Management: The primary responsibility for maintaining an appropriate internal
controls system rests with the management. The responsibility of closely monitoring
the system to ensure that it is in place, so as to facilitate the basic objectives of
installing it, also rests with the management.
 10

Auditor: To safeguard his own interests, the auditor might resort to examination
and evaluation of the internal controls that exist in the organization. The auditor
should bring the weaknesses of the internal control system, if any, to the
management’s notice through a “letter of weakness” or “management letter”.

Techniques for Evaluation of Internal Control System by the auditor

Narrative Record: It is a complete and exhaustive description of the system. It is
appropriate in the case of small businesses. Gaps in the control system are difficult
to identify using a narrative records only.
Check List: It is a series of instructions that a member of the audit staff is required
to follow. They have to be signed by the audit assistant as proof for having followed
the instructions given. A specific statement is required for every weakness area.
Flow Chart: It is a pictorial representation of the internal control system depicting its
various elements such as operations, processes and controls, which help in giving a
concise and comprehensive view of the organization’s working to the auditor.
Internal Control Questionnaire: This is the most widely used method for collecting
information regarding the internal control system. It involves asking questions to
various people at different levels in the organization about all relevant information.
The questions are formed in a manner that would facilitate obtaining full
information through answers in “Yes” or “No”.
Internal Audit
Internal audit is an independent appraisal activity within the organization by the staff
of the entity or by an independent professional appointed for that purpose, for
review of accounting, financial and other operations and controls established within
an organization as a service to the organization.
Five Areas of operation / scope of internal audit
Financial and operating information: Internal auditors should review the reliability
and integrity of financial and operating information and the means used to identify,
measures, classify and report such information.
Laws, policies, plans, procedures and regulations: Internal auditor should review
 11

the compliances of policies, plan and procedures, law and regulations and report
any mis-compliance thereof.
Assets: Internal auditors should verify the existence of assets and should review the
means of safeguarding assets.
Resources: Internal auditor should ensure the economic and efficient use of
resources available.
Objectives and goals for operations: Internal auditor should review operation or
programmes to ascertain whether established objectives and goals are being met.

Features of internal audit

• It is an independent appraisal activity within the organization.
• It can be conducted by the staff of the entity or by an independent
professional appointed for that purpose.
• It is conducted for review of accounting, financial and other operations and
controls established within an organization.
• It is conducted as a service to the organization and is not a part of the
organization.
• It intends to furnish the analysis, appraisals, suggestions and information
concerning the activities reviewed to the management.
• Internal auditing functions as a continuous effort for promoting effective
control at reasonable cost.
Functions of Internal Audit
An appraisal function: The internal auditor’s job is to appraise / assess the activity
of
others. For example, a person who spends his time checking employee expense
claims is not performing an internal audit function. But an employee who spends
sometime reviewing the system of checking employee expense claims may be
performing an internal audit function.
Service to the organization: The management requires that the auditor ensures that
a) its policies are fulfilled, b) the information it requires to manage effectively is
 12

reliable and complete; c) the organisation’s assets are safeguarded, d) the internal
control system is well designed, e) the internal control system works effectively.
Other duties: other duties may include the following matters:
Ensuring the implementation of social responsibility policies adopted by top
management.
Acting as a training officer in internal control matters.
Auditing the information given to management particularly interim accounts and
management accounting reports.
Taking a share of the external auditor’s responsibility in relation to the figures in the
annual accounts and
Being concerned with the compliance with external regulations such as those on the
environment, financial services, related parties etc.

Need of Internal Audit / Internal Audit is an Important management tool

Internal audit is in-demand due to the following reasons:
1. Increased size and complexity of businesses.
2. Enhanced compliance requirements, like accounting standards.
3. Focus on risk management and internal controls to manage them.
4. Unconventional business models.
5. Improves efficiency of business operations
6. Ensures authenticity data being used by management for decision making
7. Intensive use of information technology.
8. Stringent norms mandated by regulators to protect investors.
9. An increasingly competitive environment.
10. Reporting under Companies (Auditors Report) Order, 2016

Advantages of Internal Audit

To the management:
I. It gives a review of overall internal control system established by the
management.
 13

II. It furnishes the deviations in following the procedures adopted for

safeguarding assets.
III. It appraises the organizational structure and management information system.
IV. It establishes that the policies, plans and strategies implemented are well in
place and gives suggestions on management information systems reports for
promoting effective control at reasonable cost.
To the statutory auditor in specific
I. It evaluates the internal control system, so the statutory auditor can reduce
the number of tests that he may have had to conduct in case there was no
internal audit
II. It carries out physical stock taking procedures, so reliance on stock valuation
is increased.
III. It helps in timely completion of accounts and accuracy of records.
IV. It evaluates the contingent liability existing at the year end.
V. It ensures correctness of financial statements through a system of pre-audit or
continuous audit.
To the organization as a whole and other stakeholders in general
I. The regular audit and checks result in accurate and efficient accounting
system.
II. It is a critical review of the business’ performance and management.
III. It provides strict supervision and direction to have effective controls.
IV. It provides safeguard to the business assets and prevents misuse and
misappropriation of all business assets.
V. The auditor can suggest ways and means to improve performance of the
business.
VI. It prevents occurrence of errors and frauds.
VII. It enhances the performance of the business by division of duties and
responsibilities as per the capability of the employees.
VIII. It keeps a check on proper utilization of resources, which leads to reduction in
costs.
 14

Distinction between internal audit and operational audit