What is an example of a weak internal control system?

Internal controls are the systems, regulations, and procedures put in place by a firm or organization to assure the accuracy of financial and accounting data, encourage accountability, and prevent fraud. These controls can assist enhance operational efficiency by enhancing financial reporting accuracy and timeliness.

The Committee of Sponsoring Organization of the Treadway Commission (COSO) model broadly defines internal control as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operational effectiveness and efficiency, financial reporting reliability and compliance to applicable laws and regulations.

Although no two internal control systems are the same, many key principles about financial integrity and accounting standards have become standard management practices. There is also no such thing as a perfect internal control system because all businesses operate in changing contexts. As some hazards fade away, new dangers emerge, some of which will be difficult or impossible to forecast.

These controls can be divided into two categories: Preventive and Detective.

1. Preventive Controls: These are controls put in place to prevent errors or fraud from occurring in the first place. Separation of duties, documentation, and authorization procedures are examples of such controls.

2. Detective Controls: These are back-up methods for detecting occurrences that the first line of defence has mishandled. These controls also show that preventive controls are working as they should. Reconciliation is the most essential activity here.

Following the discovery of a problem by detective controls, corrective controls can be introduced. Disciplinary action is an example of such control.

As a result, the goal of any control system should be to provide reasonable assurance that the company can achieve its goals. Internal control objectives include, but are not limited to, the following:

• Asset protection

• Prevention and detection of fraud and other illegal activities

• Accuracy and completeness of financial records

• Timely creation of financial accounts

• Efficient business operations

A business that lacks internal controls runs inefficiently, unreliably, and in

violation of applicable rules and regulations. This frequently leads to an inability

to track performance against budgets and forecasts.

Poor internal controls refer to the following:

1. Missing reports and documents: The figures in a company's financial and

accounting reports must be backed up by original papers, which are typically

invoices, purchase orders, and receipts.

It becomes difficult to verify the accuracy of the data in the report if the original

documentation cannot be located.

2. Lack of audits: Any company that cares about keeping accurate books will hire a

third-party auditor to review the work of its staff on a regular basis. If a

corporation does not conduct audits, a dishonest employee may be able to get

away with fraud for a long period before being found.

3. Lack of separation of duties: When it comes to accounting, one person should

not be responsible for everything. A single person should not be able to authorize,

record, or oversee a financial transaction or the asset that results from it. This can

lead to a situation where the employee's job is unchecked.

4. Absence of oversight: This allows employees to handle themselves. A rogue

trader in an investment bank may be able to run roughshod over the company's

finances due to a lack of control.

5. Inaccurate financial statements: When a company discovers mistakes in its

financial statements, it may indicate a problem with its internal control system. If

financial reporting is inaccurate, a corporation should investigate the accounting

practices used.

6. Lack of documented procedures: Every process and activity that an

organization engages in should be accompanied by written procedures.

Employees may not know the necessary procedures if there are no written procedures in place, and they may complete activities incorrectly.

7. Complaints from customers: A higher-than-normal volume of client complaints is another sign of a faulty internal control system. Customers should be satisfied with products and services; thus, businesses should build a system to achieve this. If many complaints are received, management should investigate the issue and recognize that internal controls may be lacking.

How to Identify Inadequate Internal Controls

• Conduct an internal audit

• Conduct a risk assessment

• Review departmental reports

• Train and educate employees

• Consider consumer and stakeholder feedback

Article Written by Adegoke Oreoluwa, CFE

An internal audit control system is like a good diet and exercise plan. Like the measures you take to protect your health, it consists of all the policies and procedures you have in place to protect your business’s assets. Assets include the premises, furnishings, equipment and, of course the money. Intangibles like your business’s reputation and name recognition are also assets.

There are two main types of internal audit systems; preventive and detective. Preventive systems are designed to prevent problems. They’re the vitamins, healthy diet and exercise part. Detective systems are designed to identify problems that have already occurred like the diagnostic tests your doctor runs when you’re sick. The best internal audit systems include both.

Proactive preventive measures are critical to control losses. But your system also has to have a detective component in case a problem arises. The detective component is a set of guidelines for how to resolve problems. Detection should be ongoing because it provides proof that the preventive controls are working the way they’re supposed to.

A good internal control system does the following:

• Controls risk.
• Operates effectively and efficiently.
• Protects tangible and intangible resources from waste and theft.
• Prevents fraud.
• Proactively identifies potential issues and reactively deals with them quickly when they occur.
• Generates prompt and accurate reporting.
• Measures progress toward your goals.
• Complies with all laws and regulations that apply to your business.

Some famous internal control problems examples are the Enron and Lehman Brothers scandals. Both big companies went bankrupt but not before damaging untold numbers of lives through their losses.

More recently, Kenya Airlines lost an estimated $21.7 million because of incorrect billing and not charging the correct amount for excess baggage.

While the best course of action is to build a strong internal control system in the first place, weaknesses in internal audit control systems are usually pretty easy to fix. But first you have to know what they are. If your internal control system is missing any of the following elements you have internal control deficiencies:

1. Robust physical security as in locks, alarms, cameras and limited access to your business’s valuables.
2. Clearly defined employee roles and job responsibilities.
3. Segregated employee duties, particularly in handling money. If one person is responsible for handling all the money from receiving it to depositing it in the bank you taking a big risk that it could be handled inappropriately.
4. Management or owner approval of who does what on an ongoing basis and when a particular activity requires supervisory approval.
5. Assets security including who has keys to the business, who can operate what equipment and who has access to cash and inventory.
6. Regular business performance reviews to balance budgets, check that earnings are on target and confirm that goals are being met.
7. Frequent reconciliations in which different sets of data are compared so that discrepancies and problems can be easily identified.
8. Regular inventories compared with sales to ensure that no stock is missing through waste or theft.
9. A disaster recovery plan to ensure data backup and assets protection. You should be able to continue to operate or at least recover quickly if your place of business is damaged or a natural disaster occurs.

This list may seem a bit daunting but time spent developing a strong internal audit control system is time well spent. It can save you a lot of money in the long run by preventing losses as much as possible, and identifying them and resolving them quickly when they happen.

Tool are available online to help you develop your own system. Following a template or outline, along with a quick study of internal control problems examples will set you on the right track.

The U.S. Department of Housing and Urban Development’s website contains information and tools designed to help recipients of federal funding develop their internal audit control systems. But they’re generic enough to apply to any business.

Start with their Internal Control Questionnaire and Assessment. It will help you figure out where to begin. Then use their Implementing the Five Key Internal Controls publication to build your system. This document contains an excellent visual aid in the form of a flowchart entitled “Summary of Internal Control Standards.”