Group 2 - Summative Report
Group 2 - Summative Report
BSMA3
Group Members:
Internal Control is the process designed and effected by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of
the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency
of operations and compliance with applicable laws and regulations. It follows that internal control
is designed and implemented to address identified business risks that threaten the achievement
of any of these objectives. Those objectives fall into three categories:
Internal controls are the mechanisms, rules, and procedures implemented by a company to
ensure the integrity of financial and accounting information, promote accountability, and prevent
fraud. Besides complying with laws and regulations and preventing employees from stealing
assets or committing fraud, internal controls can help improve operational efficiency by
improving the accuracy and timeliness of financial reporting.
Detective Control
Detective controls attempt to find problems within a company's processes once they have
occurred. They may be employed in accordance with many different goals, such as quality
control, fraud prevention, and legal compliance. Here, the most important activity is
reconciliation, which compares data sets. Other detective controls include internal and external
audits.
Preventive control activities aim to deter errors or fraud from happening in the first place and
include thorough documentation and authorization practices. Separation of duties, a key part of
this process, ensures that no single individual is in a position to authorize, record, and be in the
custody of a financial transaction and the resulting asset.
Corrective Controls
Corrective controls come into play after an issue has already occurred and needs to be fixed.
They play a vital role in the internal control system because they resolve the issue that may
result in (or has already resulted in) fraud, data breaches, financial losses, or reputational
damage. These controls also provide a measure of relief that the issue has been fixed and won’t
recur in future.
Internal Control System means all the policies and procedures (internal controls) adopted by
the management of an entity to assist in achieving management’s objective of ensuring, as far
as practicable, the orderly and efficient conduct of its business, including the adherence to
management policies, the safeguarding of assets, the prevention and detection of fraud and
error, the accuracy and completeness of accounting records, and the timely preparation of
reliable financial information.
Components of Internal Controls
A company's internal controls system should include the following components:
● Control environment: A control environment establishes for all employees the importance
of integrity and a commitment to revealing and rooting out improprieties, including fraud.
A board of directors and management create this environment and lead by example.
Management must put into place the internal systems and personnel to facilitate the
goals of internal controls.
● Risk assessment: A company must regularly assess and identify the potential for, or
existence of, risk or loss. Based on the findings of such assessments, added focus and
levels of control might be implemented to ensure the containment of risk or to watch for
risk in related areas.
● Monitor: A company must monitor its system of internal controls for ongoing viability.
Doing so can ensure, whether through system updates, adding employees, or necessary
employee training, the continued ability of internal controls to function as needed.
● Information/Communication: Solid information and consistent communication are
important on two fronts. First, clarity of purpose and roles can set the stage for
successful internal controls. Second, facilitating the understanding of and commitment to
steps to take can help employees do their job most effectively.
● Control activities: These pertain to the processes, policies, and other courses of action
that maintain the integrity of internal controls and regulatory compliance. They involve
preventative and detective activities.
● Compliance with laws and regulations: An organization's financial activities must
adhere to all relevant laws, regulations, and standards. This involves keeping up-to-date
with changes in financial regulations and implementing measures to ensure compliance.
● Separation of duties: Distributing responsibilities among different people reduces the risk
of error or inappropriate actions. This includes separating authorization, custody, and
record-keeping roles to prevent fraud and errors.
● Physical controls: A business must implement security measures to protect its assets,
including cash, inventory, and equipment. This could involve secure storage facilities,
access controls, and surveillance systems.
The internal control system extends beyond these matters which relate directly to the functions
of the accounting system and consists of the following components:
This means the overall attitude, awareness and actions of directors and management regarding
the internal control system and its importance in the entity. However, a strong environment does
not, by itself, ensure the effectiveness of the internal control system. The environment in which
internal control operates has an impact on the effectiveness of the specific control procedures.
Several factors comprise the control environment, including:
Risk Assessment is the identification, analysis, and management of risks pertaining to the
preparation of financial statements. For example, risk assessment may focus on how the entity
considers the possibility of transactions not being recorded or identifies and assesses significant
estimates recorded in the financial statements.
C. Control Activities
Are the policies and procedures that help ensure that management directives are carried out, for
example, that necessary actions are taken to address risks that threaten the achievement of the
entity’s objectives. Control activities, whether within IT or manual systems, have various
objectives and are applied at various organizational and functional levels.
E. Monitoring of controls
Monitoring, the financial component of internal control, is the process that an entity uses to
assess the quality of internal control over time. Monitoring involves assessing the design and
operation of controls on a timely basis and taking corrective actions as necessary.
Examples:
● Data Entry Errors stem from the lack of appropriate skills, experience, and appropriate
technology.
a. Inaccurate Data Inputs are typically the most common error that may occur in
data entry (e.g., entering an incorrect price for a product, affecting cost
calculations and profit margins).
b. Incorrect Data Formatting - the entering of data in the wrong column or field or
entering data information multiple times (e.g., entering a height measurement in
centimeters in a column that expects inches).
c. Transposition Errors occur when numbers or letters are swapped, leading to
incorrect sequences (e.g., recording 528 as 258).
d. Representation/Unit Inconsistencies - this type of error includes inconsistencies
in terms of time, date, and addresses (e.g, entering a measurement in metric
units in one entry and imperial units in another entry).
e. Data Misinterpretation - this type of error typically happens when numbers are
unintentionally mixed in with words (e.g., writing "100%" instead of "one hundred
percent" in a program that expects only text or only numbers).
Types of Errors
1. Errors of Commission occur due to the negligence of the accountant or clerk. For this
reason, they are often referred to as clerical errors or errors of inadvertence.
Examples:
While businesses of different individuals can have striking different characteristics, most
have some fundamental conceptual characteristics and practices in common. The three basic
business transaction cycles include:
● Sales and Collections Cycle
1. Errors in recording sales and collections transactions.
Examples:
● Transposition error - recording a sale of $125 as $215 by accidentally
switching the digits.
● Incorrect customer account - posting a payment received from "Graezelle
Sam" to the account of "Graezelle Sam".
2. Frauds in sales and collections
a. Fraudulent financial reporting
Examples:
● Overstating revenue - reporting higher earnings than a company actually
has
● Understating expenses - reporting lower expenses than a company
actually has
b. Misappropriation of assets: Withholding cash receipts
Skimming – refers to the act of withholding cash receipts without recording
them (e.g., voiding a sale to remove the transaction from the system and keep
the cash).
Lapping – is used to conceal the fact that cash has been abstracted; the
shortage in one customer’s account is covered with a subsequent payment
made by another customer (e.g., Customer Z pays 100 pesos to the store,
instead of recording the 100 pesos payment to Customer Z's account, they
apply it to Customer A's outstanding balance. After some time, customer A
pays 150 pesos to the store. The 150 pesos from Customer A is then used to
cover Customer Z's original 100 pesos debt, creating the illusion that both
accounts are paid).
Kiting – is another technique used to cover cash shortage or to inflate cash
balance (e.g., a company employee writing checks from one company bank
account to another, creating a false appearance of sufficient funds in each
account, allowing them to withdraw cash from either account even when there
isn't enough money to cover the withdrawals).
● Acquisitions and Payments Cycle
1. Errors in the Acquisitions and Payment Cycle - The following may occur in the
acquisitions and payments cycle:
a. Failing to record a purchase in the proper period (e.g., a company receives
a delivery of office supplies in December 2023 but mistakenly records the
purchase in their accounting system as occurring in January 2024).
b. Recording goods accepted on consignment as a purchase (e.g., a
company received merchandise from a supplier to sell on consignment, but
instead of recording it as a "consignment inventory" asset, they mistakenly
recorded it as a regular "purchases" entry).
c. Failing to record a cash payment (e.g., a customer pays cash but the
receipt is lost or not properly filed, leading to the payment not being recorded
in the system).
d. Recording a payment twice (e.g., when someone accidentally enters the
same invoice details twice while manually inputting data into the accounting
system).
2. Frauds in the Acquisitions and Payment Cycle:
a. Paying for fictitious purchases (e.g., creating fake employee profiles to
submit expense reports for items they never purchased).
b. Receiving kickbacks (e.g., a purchasing manager accepts a bribe from a
supplier in exchange for awarding them a contract).
c. Purchasing goods for personal use (e.g., an employee ordering a large
quantity of company supplies, like office stationery or electronics, and then
claiming they are for business needs while actually using them at home for
personal use).
The three principal elements of strong internal control over share capital and dividends:
1. The proper authorization of transactions by the board of directors and corporate office.
2. The segregation of duties in handling these transactions (preferably the use payments)
3. The maintenance of adequate records.
References:
Cabrera, M. (2019). Corporate Governance, Business Ethics, Risk Management, and Internal
Control. GIC Enterprises & Co., Inc.