Chorafas (2001) notes “Internal Control is a dynamic system covering all types of risk, addressing fraud, assuring transparency, and making possible reliable financial reporting. Beyond risks, internal control goals are the preservation of assets, account reconciliation, and compliance.”
The internal control system is designed to identify and avert fraud, material misstatements and errors and omissions. However it can only offer reasonable guarantee that there isn’t material misstatement in the financial statements.
No internal control system, however elaborate, can be by itself guarantee efficient administration and completeness and accuracy of the records nor can it be proof against fraudulent collusion, especially on the part of those holding positions of authority and trust. This is mainly due to the following inherent limitations of an internal control system:
(a) Management has to ensure that the benefits expected from an internal control system outweigh the costs. As a result certain important controls might not be put in place due to the costs involved. E.g. a small entity might not have the resources to employ sufficient staff to ensure proper segregation of duties. (Spencer & Pickett, 2010).
(b) Most internal controls tend to be directed towards routine transactions rather than non-routine transactions. This leaves gaps that can be exploited.
(c) Human error due to carelessness, distraction, mistakes of judgment and misunderstanding instructions could undermine the internal control system.
“Control procedures” means those policies and procedures (in addition to the control environment) which management has established to achieve the entity’s specific objectives. Specific internal control procedures include:
These are procedures within the accounting function, which check that transactions are authorized, correctly and accurately recorded. This is aimed at ensuring completeness and accuracy of the accounting records. These procedures can be implemented through the following ways: (Godwin 2010)
Use of standardized documentation, raised at every stage of the transaction.
Use of pre-numbered documents.
Documents should be issued in sequence.
Monitor movement of documents by use of a register.
Production of exceptional reports for example when a local purchase order has been raised and the order has not been fulfilled by the supplier.
Reconciliation between the different accounts and related control accounts.
Segregation of duties
This refers to the separation of the various duties and responsibilities such that one person cannot process and record complete transactions from beginning to the end without being checked by another person.
For example, in the purchase of a company’s fixed assets, a single individual should not authorize the purchase, place the order, receive the asset and record the transaction in the accounting records. This is aimed at minimizing the risk of error and/or intentional manipulation of information. In this regard, for every transaction the following functions should be performed by different individuals and departments as much as possible and practicable. This is how this procedure is implemented:
Authorization – different levels of management should be given authority limits as to what they can authorize or commit the company’s resources. The authority limit should depend on the position, integrity, qualifications and competence.
Execution – transactions should be carried out by persons independent from those who authorize the transactions. If one person authorizes expenditure a different person should execute.
Custody of the asset – officials authorizing/executing a transaction should not have custody to the assets arising out of the transaction.
Segregation of duties also covers internal check which refers to the activities of one person must be complementary to the activities of another or subjected to independent checking.
Signs that an internal control system may be lacking include (but are not limited to) such factors as: management failing to exercise appropriate due care and correct supervision of staff. “These symptoms can be identified by missing documentation and identified errors in the account balances; and the lack of a company-wide ethics policy.” (Herrera 2010).
Another sign that indicates a lack of internal control is that lack of segregation of duties is evident. This consequently implies that members of staff have access to tasks (and are performing them) and this is causing contradictions in the regular allotted duties.
If the company has to pay insurance of $1500 in January, for example, but in real sense it is for the 3 months that follow, it becomes an expense because of the journal entry that is missing. These errors of omission usually result in erroneous ratio analyses which consequently cause management to make unsuitable decisions based on financial information that contains inaccuracies.
Horngren et al (1999) notes that “…the balance sheet shows less than accurate current assets and the income statement shows that there are more expenses incurred than there actually are. Adjusting entry will be required, but the statements during the last three months were deficient”
Chorafas, D.N. (2001). Implementing and auditing the internal control system. New York, NY: Palgrave Macmillan.
Godwin, N., et al. (2010). Financial ACCT. Stamford, CT: Cengage.
Spencer, H., & Pickett, J. M. (2010). The Internal Audit Handbook. New York, NY: John Wiley and Sons.