Internal controls are the systems, regulations, and procedures put in place by a firm or organization to assure the accuracy of financial and accounting data, encourage accountability, and prevent fraud. These controls can assist enhance operational efficiency by enhancing financial reporting accuracy and timeliness. The Committee of Sponsoring Organization of the Treadway Commission (COSO) model broadly defines internal control as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operational effectiveness and efficiency, financial reporting reliability and compliance to applicable laws and regulations. Although no two internal control systems are the same, many key principles about financial integrity and accounting standards have become standard management practices. There is also no such thing as a perfect internal control system because all businesses operate in changing contexts. As some hazards fade away, new dangers emerge, some of which will be difficult or impossible to forecast. These controls can be divided into two categories: Preventive and Detective. 1. Preventive Controls: These are controls put in place to prevent errors or fraud from occurring in the first place. Separation of duties, documentation, and authorization procedures are examples of such controls. 2. Detective Controls: These are back-up methods for detecting occurrences that the first line of defence has mishandled. These controls also show that preventive controls are working as they should. Reconciliation is the most essential activity here. Following the discovery of a problem by detective controls, corrective controls can be introduced. Disciplinary action is an example of such control. As a result, the goal of any control system should be to provide reasonable assurance that the company can achieve its goals. Internal control objectives include, but are not limited to, the following: • Asset protection • Prevention and detection of fraud and other illegal activities • Accuracy and completeness of financial records • Timely creation of financial accounts • Efficient business operations A business that lacks internal controls runs inefficiently, unreliably, and in violation of applicable rules and regulations. This frequently leads to an inability to track performance against budgets and forecasts. Poor internal controls refer to the following: 1. Missing reports and documents: The figures in a company's financial and accounting reports must be backed up by original papers, which are typically invoices, purchase orders, and receipts. It becomes difficult to verify the accuracy of the data in the report if the original documentation cannot be located. 2. Lack of audits: Any company that cares about keeping accurate books will hire a third-party auditor to review the work of its staff on a regular basis. If a corporation does not conduct audits, a dishonest employee may be able to get away with fraud for a long period before being found. 3. Lack of separation of duties: When it comes to accounting, one person should not be responsible for everything. A single person should not be able to authorize, record, or oversee a financial transaction or the asset that results from it. This can lead to a situation where the employee's job is unchecked. 4. Absence of oversight: This allows employees to handle themselves. A rogue trader in an investment bank may be able to run roughshod over the company's finances due to a lack of control. 5. Inaccurate financial statements: When a company discovers mistakes in its financial statements, it may indicate a problem with its internal control system. If financial reporting is inaccurate, a corporation should investigate the accounting practices used. 6. Lack of documented procedures: Every process and activity that an organization engages in should be accompanied by written procedures. Employees may not know the necessary procedures if there are no written procedures in place, and they may complete activities incorrectly. 7. Complaints from customers: A higher-than-normal volume of client complaints is another sign of a faulty internal control system. Customers should be satisfied with products and services; thus, businesses should build a system to achieve this. If many complaints are received, management should investigate the issue and recognize that internal controls may be lacking. How to Identify Inadequate Internal Controls • Conduct an internal audit • Conduct a risk assessment • Review departmental reports • Train and educate employees • Consider consumer and stakeholder feedback Article Written by Adegoke Oreoluwa, CFE
An internal audit control system is like a good diet and exercise plan. Like the measures you take to protect your health, it consists of all the policies and procedures you have in place to protect your business’s assets. Assets include the premises, furnishings, equipment and, of course the money. Intangibles like your business’s reputation and name recognition are also assets.
There are two main types of internal audit systems; preventive and detective. Preventive systems are designed to prevent problems. They’re the vitamins, healthy diet and exercise part. Detective systems are designed to identify problems that have already occurred like the diagnostic tests your doctor runs when you’re sick. The best internal audit systems include both.
Proactive preventive measures are critical to control losses. But your system also has to have a detective component in case a problem arises. The detective component is a set of guidelines for how to resolve problems. Detection should be ongoing because it provides proof that the preventive controls are working the way they’re supposed to.
A good internal control system does the following:
Some famous internal control problems examples are the Enron and Lehman Brothers scandals. Both big companies went bankrupt but not before damaging untold numbers of lives through their losses.
More recently, Kenya Airlines lost an estimated $21.7 million because of incorrect billing and not charging the correct amount for excess baggage.
While the best course of action is to build a strong internal control system in the first place, weaknesses in internal audit control systems are usually pretty easy to fix. But first you have to know what they are. If your internal control system is missing any of the following elements you have internal control deficiencies:
This list may seem a bit daunting but time spent developing a strong internal audit control system is time well spent. It can save you a lot of money in the long run by preventing losses as much as possible, and identifying them and resolving them quickly when they happen.
Tool are available online to help you develop your own system. Following a template or outline, along with a quick study of internal control problems examples will set you on the right track.
The U.S. Department of Housing and Urban Development’s website contains information and tools designed to help recipients of federal funding develop their internal audit control systems. But they’re generic enough to apply to any business.
Start with their Internal Control Questionnaire and Assessment. It will help you figure out where to begin. Then use their Implementing the Five Key Internal Controls publication to build your system. This document contains an excellent visual aid in the form of a flowchart entitled “Summary of Internal Control Standards.” |