The purpose of any internal control procedure is to provide reasonable assurance that the organisation can meet its objectives.
The Turnbull Report defined internal control and its scope as follows:
‘The policies, processes, tasks, behaviours and other aspects of an organisation that taken together:
Facilitate effective operation by enabling it to respond in an appropriate manner to significant business, operational, financial, compliance and other risks to achieve its objectives. This includes safeguarding of assets and ensuring that liabilities are identified and managed.
Ensure the quality of internal and external reporting, which in turn requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from both internal and external sources.
Ensure compliance with applicable laws and regulations and also with internal policies.’
To ensure that internal controls are effective they must be documented to enable an audit trail of every activity taking place within the organization.
Internal control procedures in accounting can be broken into two main categories namely preventative and detective, each designed to prevent fraud and identify errors before they become problems.
Preventative internal controls are policies and procedures that do not allow certain events to occur. Preventative internal controls are proactive and the first line of defense in a financial accounting system.
Detective internal controls are the backup procedures that ensure the preventative internal controls are operating as intended. Items or events missed by the first line of defense have the potential to be caught by this second set of controls.
Preventative internal controls
Separation of Duties
Segregation is relevant at all levels of the business regardless of the size of the business. Separation of duties involves splitting responsibility for bookkeeping, deposits, reporting and auditing. The further duties are separated, the less chance any single employee has of committing fraudulent acts. For small businesses sharing responsibilities between two or more people or requiring critical tasks to be reviewed by co-workers can serve the same purpose.
Controlling access to different parts of an accounting system via passwords, lockouts and electronic access logs can keep unauthorized users out of the system while providing a way to audit the usage of the system to identify the source of errors or discrepancies. Robust access tracking can also serve to deter attempts at fraudulent access in the first place.
Physical audits include hand-counting cash and any physical assets tracked in the accounting system, such as inventory, materials and tools. Physical counting can reveal well-hidden discrepancies in account balances by bypassing electronic records altogether. Counting cash in sales outlets can be done daily or even several times per day. Larger projects, such as hand counting inventory, should be performed less frequently, perhaps on an annual or quarterly basis.
Standardizing documents used for financial transactions, such as invoices, internal requisition forms, goods received vouchers, and payment requisition forms help to maintain consistency in record keeping over time. Using standard document formats make it easier to review past records when searching for the source of a discrepancy in the system. Lack of standardization can cause items to be overlooked or misinterpreted in reviews.
Detective internal controls
Using a double-entry accounting system adds reliability by ensuring that the books are always balanced. Even so, it is still possible for errors to bring a double-entry system out of balance at any given time. Calculating daily or weekly trial balances can provide regular insight into the state of the system, allowing you to discover and investigate discrepancies as early as possible.
Regular accounting reconciliations of control accounts (stock, debtors, creditors and bank) can ensure that balances in your accounting system match up with balances in accounts held by other entities, including banks, suppliers and credit customers. For example, a debtor’s reconciliation involves comparing debit balances and records of receipts between your accounting system and the debtor’s statements. Differences between these types of complementary accounts can reveal errors or discrepancies in your own accounts, or the errors may originate with the other entities.
Managers should be assigned to authorize different types of transactions in line with their level in the organization, this adds a layer of responsibility to accounting records by proving that transactions have been seen, analyzed and approved by appropriate authorities. This authorization should cover payments, stock issues, capital expenditure, and use of, for example company vehicles for different assignments. .
Detective internal controls also includes the use of performance reviews, namely use of budgets, forecasts and benchmarks Other detective internal controls include external audits from accounting firms and internal audits of assets such as inventory (stock)..
The effectiveness of internal controls is limited by human judgment. Usually high-level personnel in the organization are given the ability to override internal controls for operational efficiency reasons. Also internal controls can be circumvented through collusion. Employees working together may act in a manner in which internal controls cannot detect or prevent fraud from occurring.
As organisations grow, the need for internal controls increases, as the degree of specialisation increases and it becomes impossible to remain fully aware of what is going on in every part of the business it is therefore critical that management make periodic reviews of these controls to ensure that they are still relevant and adequate.
[contact-form][contact-field label=’Name’ type=’name’ required=’1’/][contact-field label=’Email’ type=’email’ required=’1’/][contact-field label=’Contact Number’ type=’text’ required=’1’/][contact-field label=’Website’ type=’url’/][contact-field label=’Comment’ type=’textarea’ required=’1’/][/contact-form]