Nowadays, accounting frauds seem to be a trend. So, it is essential that we understand what we mean by instituting good internal controls.
Definition of Internal Control: Internal control is defined as a process, effected by the board of directors,senior management and other managers which is designed to provide reasonable assurance regarding the achievement of following objectives:Internal control is defined as a process, effected by the board of directors,senior management and other managers which is designed to provide reasonable assurance regarding the achievement of following objectives:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with laws and regulations.
The fundamental concepts of internal controls are as follows:
- Internal control is a process which is a means to an end, not an end in itself.
- Internal control is effected by people and not policy manuals and forms, but people at every level of an organization.
- Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
Internal controls can be categorized into:
- Accounting controls are designed to safeguard company’s assets and ensure the accuracy of financial records.
- Administrative controls are designed to promote operational efficiency and adherence to company’s policies and procedures.
Internal Control comprises five interrelated components:
Control Environment: The core of any business is its people – their individual attributes, including integrity, ethical values and competence – and the environment in which they operate. They are the engine that drives the entity and the foundation on which everything rests.
Risk Assessment: The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with revenues, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks.
Control Activities: Control policies and procedures must be established and executed to help ensure that the actions identified by management as necessary to address risks to achievements of the entity’ s objectives are effectively carried out. The company’s policies and procedures should be reviewed on a periodic basis.
Information and Communication: Surrounding these activities are information and communication systems. These enable the entity’s people to capture and exchange the information needed to conduct, manage and control its operations.
Monitoring: The entire process must be monitored, and modifications made as necessary. In this way, the system can react dynamically, changing as conditions warrant.The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with revenues, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks. Control policies and procedures must be established and executed to help ensure that the actions identified by management as necessary to address risks to achievements of the entity’ s objectives are effectively carried out. The company’s policies and procedures should be reviewed on a periodic basis. Surrounding these activities are information and communication systems. These enable the entity’s people to capture and exchange the information needed to conduct, manage and control its operations.The entire process must be monitored, and modifications made as necessary. In this way, the system can react dynamically, changing as conditions warrant.