All about internal control

INTRODUCTION

In layman language, Internal control is a proactive approach that balance risk and control in the company & helps to achieve its objectives. Internal control may also be defined as a process comprises of Organisation, People and Information Technology. In other words, Internal control is a process that is affected by Organisation, people and information technology, which is designed to protect the organisation against risk of fraud, non-compliances & scams.

What does effective internal control provide?

Ans:

• Operational effectiveness
• Prevention & detection of fraud
• Reliability of financial information
• Reasonable assurance for safeguarding the assets whether physical or intangible.
• Compliances with laws and regulations

FEATURES OF INTERNAL CONTROL

• Helps business in explaining opportunities
• Ensuring that an organisation is not unnecessarily exposed to avoidable risk
• Ensures that information used within organisation & for publication is reliable

Whether the scope of internal control restricted to financial control only?

Ans: No, financial control is a part of internal control and internal control is a wider term because it is at the organizational level. It also includes -

• Administrative control
• Accounting control
• Operational control of Management control

CLASSIFICATION OF INTERNAL CONTROL

Internal control can broadly be classified into two categories i.e.

Accounting or Financial control - It comprises of all plan or method or procedures of the organisation which safeguard the assets & reliability of financial information of an organisation. It aims at ensuring:-

• Authorisation & Approval
• Separation of duties concerned with Book keeping & accounting reports.
• Physical Controls over assets
• Internal Auditing
• Internal checks

Accounting control and internal control are same?

Ans: Internal checks, internal audit, quantitative controls, budgetary controls etc. can be said to be a part of the Accounting Controls, in so far as they deal with quantitative aspects. On a wider footing, accounting controls, operational controls, policy planning/review, reporting etc. can be said to be a part of Internal Control.

It can safely be said that scope of internal control is much wider than that of accounting controls.

Administrative or Operational control

Administrative control are very wide in their scope they include all other managerial control concerns with decision-making process.

They include control such as Time and Motion study

• Quality control through inspection
• Performance budgeting
• Accounting
• Performance evaluation

COMPONENTS OF INTERNAL CONTROL

1. Control environment: It describes a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. According to the Institute of Internal Auditors (IA), a control environment is the foundation on which an effective system of internal control is built and operated in an organization that strives to-

• achieve its strategic objectives,
• provide reliable financial reporting to internal and external stakeholders,
• operate its business efficiently and effectively,
• comply with all applicable laws and regulations

2. Entities risk assessment process: The risk assessment forms the basis for determining how risks will be managed. A risk is defined as the possibility that an event will occur and adversely affect the achievement of organizational objectives. Risk assessment requires management to consider the impact of possible changes in the internal and external environment and to potentially take action to manage the impact.

3. Information system including the related business process relevant to financial reporting & communication: Information is obtained or generated by management from both internal and external sources in order to support internal control components. Communication-based on internal and external sources is used to disseminate important information throughout and outside of the organization, as needed to respond to and support meeting requirements and expectations. The internal communication of information throughout an organization also allows senior management to demonstrate to employees that control activities should be taken seriously.

4. Control activities: Control activities are actions (generally described the organization starting at the board level and senior in policies, procedures, and standards) that help management mitigate risks in order to ensure the achievement of objectives. Control activities may be preventive or detective in nature and may be performed at all levels of the organisation.

5. Monitoring of controls: These are periodic or ongoing evaluations to verify that each of the five components of internal control, including the controls that affect the principles within each component, are present and functioning around their products.

Why are Internal Controls important?

Ans: Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud. Besides complying with laws and regulations and preventing employees from stealing assets or committing fraud, internal controls can help improve operational efficiency by improving the accuracy and timeliness of financial reporting.

The Sarbanes-Oxley Act of 2002, enacted in the wake of the accounting scandals in the early 2000s, seeks to protect investors from fraudulent accounting activities and improve the accuracy and reliability of corporate disclosures.

LIMITATIONS OF INTERNAL CONTROL

No matter how well your internal controls are designed, they can only go so far as to provide reasonable assurance that objectives are being achieved. While internal controls are effective in preventing, detecting and rectifying many problems, they cannot provide organizations with absolute assurance. This means that internal controls can't detect and prevent all cases where problems may exist. There will always be unforeseen circumstances for which internal controls simply can't compensate.
Here are some of the most common inherent limitations of internal controls:

• Human error
• Breakdown
• Management override
• Collusion
• Unforeseen circumstances

"One common internal control framework is the Committee of Sponsoring Organizations (COSO) framework, known as Internal Control-Integrated Framework. The COSO framework provided the first common definition of internal control: "a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance."

Strong internal controls can improve efficiency and ensure accuracy in financial reporting during external and internal audits.