Mada za sehemu hiiAuditingMada 6
Internal control system is the whole system of controls, financial and otherwise established by the management to carry on the business of the enterprise in an orderly and efficient manner, safeguard assets and ensure as far as possible the completeness and accuracy of the records. This system includes internal audit, internal check and other controls.
Internal control system works to ensure the assets are safeguarded, financial reports are reliable and performance of the entity is kept within a practical performance range. Individual components of this system are referred to as internal controls. Internal control aims at ensuring efficiency and effectiveness of operations, reliability of financial reporting and compliance with applicable laws and regulations. This can be done by ensuring the management adhere to all policies, and assets are utilized optimally and protected from misuse, frauds and theft. It works to prevent, detect and correct frauds and errors through various techniques.
Internal control should aim to achieve the following objectives:
- Efficient conduct of business: there must be controls to ensure that processes flow smoothly and operations are free from disturbances, interruptions and interferences. This mitigates against the risk of inefficiencies and threats to the attainment of intended objectives of the firm.
- Safeguarding assets: Internal controls should ensure that assets (both tangible and intangible) are used for the intended purposes, and are not exposed to misuse or theft.
- Preventing and detecting fraud and other unlawful acts: controls should be in place to prevent fraud from occurring. However, if fraud and other unlawful acts occur, they should be detected easily and at their early stages. As organizations increase in size and complexity, the nature of fraudulent practices becomes more diverse, and controls must be capable of addressing these.
- Completeness, accuracy and timely reporting of financial records: controls should be capable of recording all transactions so that the nature of business transacted is properly reflected in the financial accounts. Financial statements of a firm cannot be accurate if the information contained are unreliable. Additionally, there should be internal systems that ensure financial reports are prepared and issued in time. The use of accounting packages helps to a large extent on the realization of the accuracy and reliability and easy preparation of financial reports.
Internal control has five components as explained below:
- The control environment: This represents the attitude of the management and employees of the organisation toward internal control. Control environment includes organisation culture and commitment of the management towards: integrity and ethical values; how the assignment and authority are assigned; how the organisation attract; develop and train competent individuals; and how individuals who breach the internal controls are held accountable.
- Control activities: These are policies and procedures in place to ensure that management directives are carried out effectively. Examples of control activities include: segregation of duties; authorization and approval of transactions; verifications of transactions and documents; accounts reconciliation and physical controls over assets.
- The risk assessment process: This is the process used by management in identifying, assessing and addressing possible risks. Management has to identify the risk, the likelihood of their occurrence, and have mitigating measures in place to deal with the identified risks.
- The information system and communication: These consists of technology, hardware and software components, people, procedures and data. Furthermore, it covers how transactions are initiated, recorded, posted and reported in the financial statements.
- Monitoring process: This involves monitoring the effectiveness of controls and identifies possible solution in areas of weaknesses. Monitoring helps to ensure high compliance to the established policies and procedures. This reduces the chances of errors, fraud and misstatements in the financial statements.
All organisations are subject to threats that may have negative impact to the organisation and result in asset loss. While some of these threats are unintentional, caused by an ignorant employee that leads to costly errors, others are more malevolent, such as the case of fraudulent manipulation and extortion. These risks are present in every business small, medium and large. Regardless of why they happen, internal controls need to be established to avoid or minimize losses caused by these threats. There are three main categories of internal controls that can be used to avoid or minimize the possibility of a loss in an organisation. These are referred to as: preventative, detective and corrective controls. They are further explained in detail hereunder:
Preventative controls
Even in normal life, usually prevention is better than cure. That is to say, it is better if efforts can be made to minimize or even avoid completely the occurrence of a bad event than waiting to deal with the effects after the event has occurred. It is always easier, less stressful and more efficient to establish the appropriate measures to prevent an event from occurring rather than working under the pressure on the effects of the event. Preventative internal controls are those controls put in place to avoid negative events from manifestation.
For example, most banks have installed finger print locks on their internal doors so as to verify identity credentials as a way to restrict unauthorised entrance. Also, some houses now days are installed with electrical fences, place security guards at entrance points or keep dogs with the primary purpose of preventing thieves from entering the houses. Trainings of staffs and backups of computer information in more than one device, installation of anti-virus in computers are also preventative controls. To put this into real-business context, an organisation may begin by assigning one person to write cheques, and another person to authorize the payments. This break-down, or segregation of duties, is an example of preventative internal controls from an administrative standpoint.
Detective controls
It is very unfortunate that, even if preventive measures are in place, there is a chance that some errors will still occur. That's where detective internal controls come in. When things go wrong, it is important to learn everything about the event, so as to improve the preventative measures in future. From a business and accounting perspective, some common examples of detective internal controls are audits, stocktaking, bank reconciliation, cash counts and analysis of financial statements.
Corrective controls
These are controls that are operational only after the detective internal controls have identified a problem. As previously noted, even when all of the existing preventative controls go as planned, sometimes it is not enough. Upon discovery of an error or defect within the organisation, with detective internal controls, corrective internal controls are implemented to improve the identified shortcomings. These controls may include disciplinary action to an employee who performs poorly, formulation of new or refining policies to prohibit inefficiencies or inappropriate practices such as employee absenteeism.
Mwalimu
Unasoma somo hili? Niulize nikuelezee chochote kilichomo.
Ingia ili kumuuliza Mwalimu wa AI wa Sonza kuhusu mada hii.
Ingia ili kuuliza