Menu Close

Internal Control

Internal control is a process of policies and procedures executed by an organization to ensure operational efficiency, reliable financial reporting, and compliance with laws and regulationsIt serves to safeguard assets, prevent and detect fraud and errors, and promote accountability

Types of Internal Control

Key Types of Internal Control:

  1. Preventive Controls: Designed to stop errors or fraud from occurring in the first place, such as requiring authorization for transactions or having different people responsible for different tasks.
  2. Detective Controls: Used to catch errors or fraud that were missed by preventative controls, such as conducting bank reconciliations or performing periodic reviews.
  3. Directive Controls: Are directives which include policy, procedure, or guideline that guides employees toward a desired outcome and establishes expectations, rather than preventing a problem from happening in the first place. 
Key Examples of Internal Control:
  1. Segregation of Duties: Separating responsibilities for authorizing a transaction, recording it, and handling the asset involved.
  2. Authorization: Requiring proper approval before a transaction can take place.
  3. Documentation: Maintaining thorough records and a clear system for how documents are created, used, and stored.
  4. Physical Safeguards: Securing physical assets like cash, equipment, and inventory.
  5. Monitoring and Reviewing: Periodically assessing the effectiveness of the internal control system, such as through internal audits.
  6. Information Security Control: Protecting data and systems from unauthorized access, such as password protection and access controls for accounting software. 
Key objectives of internal control:
  1. Safeguarding assets: Protects the company’s assets (both tangible and intangible) from theft, misuse, or damage through controls like physical safeguards and authorization procedures.
  2. Reliable financial reporting: Ensures the accuracy and completeness of financial records and statements so that they can be used for reliable decision-making.
  3. Operational efficiency: Promotes the efficient and effective use of resources to help the organization accomplish its objectives.
  4. Compliance: Ensures the organization adheres to all relevant laws, regulations, and internal policies.
  5. Prevention and detection of fraud and errors: Creates mechanisms to prevent and detect fraudulent activities and unintentional errors.
  6. Adherence to management policies: Encourages employees to follow the management’s established policies and procedures. 

Key limitations against internal control:

  1. Human error: Mistakes can occur due to negligence, tiredness, or a lack of understanding, which can cause a control to fail.
  2. Collusion: Two or more employees working together can circumvent controls that are designed to prevent fraud.
  3. Management override: Senior management can use their authority to bypass internal controls to commit fraud or manipulate financial statements.
  4. Cost constraints: Implementing a comprehensive internal control system can be expensive. Companies may choose to accept a certain level of risk rather than incur the costs of designing controls for every possible scenario.
  5. Outdated controls: Internal control systems can become ineffective if they are not updated to reflect changes in the business environment, technology, or the nature of transactions.
  6. Reasonable assurance: Controls are designed to provide reasonable, not absolute, assurance. This is because controls are not foolproof and there is always a possibility of failure or circumvention.
  7. Manual processes: Controls that rely on manual intervention are particularly susceptible to human error and inconsistency.
  8. Sampling and judgment: Auditors use testing and sampling to evaluate internal controls, which means that not every transaction is verified. This can result in undetected errors or fraud.