What is internal control?
Internal control encompasses the policies and procedures put in place by an organization to ensure accurate financial information, ensure compliance with laws and regulations, protects its resources against waste, fraud and inefficiency.
The controls are designed to prevent errors, non-compliance with laws and regulations, fraud, waste and inefficiency.
Components of internal controls.
The International Standards on Auditing (ISA) 315 identifies five (5) components of internal controls. They are:
1. Control environment
The control environment refers to the overall structure of compliance or general attitude to internal control of management and employees in the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements:
i. integrity and ethical values
ii. management’s philosophy and operating styleÂ
iii. organizational structureÂ
iv. assignment of authority and responsibilityÂ
v. human resource policies and practiceÂ
vi. competence of personnel.
2. Control activities
Control activities are the practices and procedures used to ensure that the entity’s objectives are achieved. They are the application of internal controls. Control activities are specific procedures designed to prevent errors that may arise in processing of information and also to detect and correct errors that may arise in processing information.
Control activities in an organization includes:
i. Authorization controls
These require that all significant transactions must be authorized by a manager at an appropriate level in the organization.Â
ii. Physical controls over assets
These are controls for safeguarding assets from unauthorized use, or from theft or damage. An example is limiting access to inventory areas to a restricted number of authorized personnel.Â
iii. Arithmetic controls
These are checks on the arithmetical accuracy of processing. An example is checking invoices by a superior to make sure that the amount has been calculated correctly.Â
iv. Accounting controls
These are controls that are provided within accounting procedures to ensure the accuracy or completeness of records. An example is the use of control account reconciliations to check the accuracy of total trade receivables or total trade payables.Â
v. Management controls
These are controls applied by management. They include supervision by management of the work of subordinates, management review of performance and control reporting (including management accounting techniques such as standards setting, variance analysis, budgeting and budgetary control).Â
vi. Segregation of duties
This involves dividing of work to be performed into stages so that the work are done by separate individuals. This reduces errors and prevents monotony.
3. Risk assessment
Risk assessment involves identifying potential risks, then implement internal controls to mitigate them. Accounting teams should have an always-on approach to monitoring since new risks can surface without warning. The teams should then deliver audit reports to the board to surface any new risks.
This is especially important if a business’s products or services frequently evolve since changes in the organization’s infrastructure will also impact its system of internal controls.
4. Information and communication
Communicating with management about any lapses in internal controls is the best way to mitigate risks quickly. Though audit teams likely have hundreds or even thousands of data points, taking a proactive approach to enterprise risk management is essential
5. Monitoring
Audit teams should monitor internal controls on an ongoing basis. Doing so ensures that they will be able to identify when internal controls are functioning properly and when there are potential lapses in the internal controls system.
The need for an internal control in an organization.
Internal control plays a critical role in ensuring the efficiency, effectiveness, and integrity of an organization’s operations. It refers to a system of policies, procedures, and mechanisms designed to safeguard assets, ensure financial accuracy, promote operational efficiency, and support compliance with laws and regulations. Below are the reasons why internal control is essential in an organization:
1. Financial accuracy
Internal control such as arithmetic controls if put in place helps ensure financial information is accurate and reliable. This enables management to make informed decision.
2. Regulatory compliance
Organizations are required to adhere to laws and regulations in the industry of operation. Internal ensures compliance with regulations. This enables the organization avoid penalties and fines which could cause reputational damage to the organization.
3. Operational efficiency
Internal controls ensure operational efficiency by streamlining processes, avoiding waste and ensuring resources are efficiently utilized.
4. Prevention of fraud
A well-designed internal control will reduce the risk of fraud and unethical behavior. Controls such as monitoring of transactions, authorizations will reduce the risk of fraud in an organization.
5. Safeguarding of assets
Safeguarding of cash, inventory, and other valuable assets by implementing controls such as physical security, regular inventory counts etc ensure the organization’s assets are secure.
6. Risk mitigation
Internal controls help organization to identify, assess and mitigate risk. By establishing controls such as reconstruction, segregation of duties and approval processes. Organizations can minimize the risk of fraud, theft and errors. These ensures proper actions are taken to address risk before they escalate.
In conclusion, internal control is essential for an organization to:
1. Ensure accuracy and reliability of financial reporting
2. Prevent fraud and error
3. Improve operational efficiency
4. Ensure compliance to laws and regulations
5. Protect reputation and stakeholders’ confidence
Â
Effective internal controls help organization achieve their objective, manage risks and ensure long term sustainability.