Question

What are “internal controls”? Who establishes the controls? What role does management play in the creation and maintenance of a control environment? 

What do we mean by:

 “Segregation of duties”?

 "Tone at the top”? 

 “Compensating controls”?

 "IT general controls"?

 “IT application controls"? 

Provide examples of at least five internal controls and describe how they function within an organization; that is, how they help to ensure the integrity of the data produced by the company's accounting systems/ processes.

Answer 1

Internal controls are policies and procedures companies use to help prevent errors and fraud, which can include theft, embezzlement, favouritism or math errors in financial documents. It is a process/set of processes designed to facilitate and support the achievement of business objectives. Any system of internal control is based on a consideration of significant risks in operations, compliance and financial reporting. Objectives such as improving business effectiveness are included, as are compliance and reporting objectives.

SA 315 “Identifying and Assessing the Risks of Material. Misstatement Through Understanding the Entity and Its Environment “defines the system of internal control as the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations.

A set of internally generated policies and procedures adopted by the management of an enterprise is a prerequisite for an organisations efficient and effective performance. It is thus, a primary responsibility of every management to create and maintain an adequate system of internal control appropriate to the size and nature of the business entity.

Control environment is one of the components of Internal Controls. The effectiveness of controls cannot rise above the integrity and ethical values of the people who create, administer, and monitor them. The enforcement of integrity and ethical values includes, for example, management actions to eliminate or mitigate incentives or temptations that might prompt personnel to engage in dishonest, illegal, or unethical acts. The communication of entity policies on integrity and ethical values may include the communication of behavioral standards to personnel through policy statements and codes of conduct and by example.

Meaning of

(A) Segregation of duties:

One of the key concepts in placing internal controls over a company’s assets is segregation of duties. Segregation of duties serves two key purposes, firstly. It ensures that there is oversight and review to catch errors and secondly it helps to prevent fraud or theft because it requires two people to collude in order to hide a transaction

Segregation of duties involves separating three main functions and having them conducted by different employees having custody of assets; being able to authorize the use of assets and recordkeeping of assets.

(B) Tone at the top

The term “tone at the top” sets forth a company’s cultural environment and corporate values. Tone at the top, commonly referred to in auditing, is used to define a company’s management and board of director’s leadership and their commitment to being honest and ethical.

The tone at the top (the Board & Executive Management) & the credibility of the message on internal controls from top plays an important role in establishing strong control environment. Following are some of the key components to assess & evaluate the controls environment:

(C) Compensating Controls

A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time. Supervision control is considered as compensating control. Compensating control is meant for the safety and reduces attacks. The compensating control is an internal control which must meet the specific requirements sets for the prevention of attacks.

(D) IT General Controls

IT general controls (ITGC) are controls that apply to all systems, components, processes, and data for a given organization or information technology (IT) environment. The most common IT General Controls s: Logical access controls over infrastructure, applications, and data. System development life cycle controls.

(E) IT Application Controls:

IT application or program controls are fully automated (i.e., performed automatically by the systems) designed to ensure the complete and accurate processing of data, from input through output. These controls vary based on the business purpose of the specific application.

Examples of five internal controls are:

1. One of the most common internal controls for small businesses is the requirement that checks be co-signed. This helps prevent one person from writing a check to himself or approving an inappropriate payment. If your business writes many checks each month, you might institute a policy that only requires two signatures on checks that are more than a certain dollar amount, such as $500.

2. Perform bank reconciliation each month, comparing your bank statement to your general ledger. Many businesses record all of their payments and receipts in a general ledger, which is a record of the company’s financial transactions. The entries in a ledger are based on checks written, cash paid and cash, electronic deposits or credit card payments received. To help spot math errors and fraudulent entries, your bank statement will include all of the deposits you made or received electronically and show all of the payments you made. It will also include any bank fees you paid, allowing you to include those in your general ledger.

3. Internal audits allow one employee or department to review the work of another. Having a third party review purchases, financial records, time sheets, expense reimbursements and other business activities can help spot and reduce errors and fraud. External audits bring in an outside contractor or firm to review the work of your staff. This might include hiring a certified public accountant to review your books each month or quarter. Performing an inventory review can help you spot whether or not you have a problem with theft, over-delivery or breakage. Having a third party review purchases, financial records, time sheets, expense reimbursements and other business activities can help spot and reduce errors and fraud. Internal audits allow one employee or department to review the work of another. External audits bring in an outside contractor or firm to review the work of your staff. This might include hiring a certified public accountant to review your books each month or quarter. Performing an inventory review can help you spot whether or not you have a problem with theft, over-delivery or breakage.

4. Require that all travel expenses be approved by a supervisor in advance and that all expense reimbursement forms include receipts. Create a formal employee expenditure policy to help reduce high travel, lodging, and entertainment and meal costs. If you allow employees to book their own travel and lodging when attending conferences or trade shows, they might book flights and rooms that earn them the most reward points, rather than choosing the lowest-cost bookings.

5. Create an internal control that sets policies for making purchases to make sure you get the most value when making purchases. This can include only using approved vendors, requiring competitive bids from contractors or conducting a price check of several vendors before choosing one. This might include requiring your office manager to check online prices at several office stores before ordering office supplies, furniture or other equipment.