Auditing: Internal Control
Internal Control system is one of the basic and essential factors for efficient and effective management. It covers both financial or non-financial aspects of management in an organisation.
Definition of Internal Control in accounting & auditing:
Internal Controls are methods put in place by an organisation to ensure the integrity of financial and accounting information, meet operational and profitability target and transmit management policies throughout the organisation.
Internal controls are the process designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Reliability of financial reporting,
- Effectiveness and efficiency of operations, and
- Compliance with applicable laws and regulations.
Forms of Internal Controls
There are two forms of Internal Controls that help in ensuring correct and reliable records of transactions and operational efficiency. These are:
- Accounting Control
- It ensures correct and reliable records of transactions in conformity with normally accepted accounting principles
- Administrative Control
- These are wide in scope and comprise of the plan of organization that are concerned mainly with ‘operational efficiencies’.
Types of Internal Controls
- Detective: Designed to detect errors or irregularities that may have occurred.
- Corrective: Designed to correct errors or irregularities that have been detected.
- Preventive: Designed to keep errors or irregularities from occurring.
Internal Control Objectives
- Authorisation: To ensure that all transactions are authorized and approved by a responsible associate before that transaction is recorded
- Completeness: To ensure that records are not any missing entries
- Accuracy: To ensure that transactions have been entered correctly and in a timely manner
- Validity: To ensure that transactions are lawful in nature and do not contain any misrepresentations
- Physical Safeguards & Security: To ensure that that physical assets are safely guarded and only authorized personnel may access them.
- Error Handling: To ensure that when errors are discovered management is notified and the errors are corrected in a timely manner
- Segregation of Duties: To ensure that no one individual is reporting, collecting, and processing a single transaction.
Components of Internal Control
Under the (Committee of Sponsoring Organizations of the Treadway Commission) COSO model a system of internal controls is a process that is made up of five interrelated components. These are:
- Control environment
- Risk Assessment
- Control Activities
- Information and communication
Difference Between Internal Control and Internal Audit
Internal control is a system that comprises of control environment and procedure, which help the organization in achieving business objectives.
On the other hand, internal audit is an activity performed by an agency or department created by the management of the organisation, to ensure that internal control system implemented in the organization are effective.
Limitations of Internal Controls:
Some limitations inherent in all internal control systems include:
- Judgment: The effectiveness of controls is limited by human judgment.
- Breakdowns: Even well designed internal controls can break down at times. Sometimes due to new technology or due to complexity of computerized information systems.
- Management Override: High level personnel may be able to override prescribed policies and procedures for personal gain or advantage.
- Collusion: Control systems can be circumvented by employee collusion.