What are Internal Controls?
Let’s first look at the definition of internal controls in accounting. Internal control is a management process involving the people of the organization (the responsibility lies with management and the board of directors). Every company has and needs internal control rules, procedures, and mechanisms. Internal controls are designed to provide reasonable assurance regarding the safeguarding of assets, ensuring financial statement reliability, promoting operational efficiency, and encouraging compliance with management’s directives.
The management has to put their effort toward where they have the greatest risk to protect these aspects of the business. Internal control procedures also protect investors from any fraud and unreliable financial reporting.
Components of Internal Control
- Control Environment – what message the management sends to its employees about the importance of internal controls. Without proper control environment, all other internal controls suffer;
- Risk Assessment –the management (not the auditors) has to perform the risk assessment because you cannot establish effective internal control procedures if you do not know where your risk is. Otherwise, it is like blindly setting up procedures and you do not want to set up an internal control policy for something insignificant because controls are expensive;
- Control Activities – actual controls that are in place, such as segregation of duties and authorization of transactions. Many companies find implementing internal control analytics to be well worth it.
- Information and Communication – how the information about the results is communicated, who it is communicated to, how it is handled when issues are reported;
- Monitoring – how controls are monitored, for example, companies have an internal audit department who is responsible for doing audits of internal controls. It is an oversight of the process (whether through ongoing activities, such as supervisor checking all other control activities, or through an evaluation) because the management wants to know about internal issues before the auditor comes. Many companies find implementing internal control analytics to be well worth it.
Internal Control Activities
Let’s dive a little deeper into the actual internal control activities in the business.
- A business would have to first establish responsibility because knowing who is accountable for what task and knowing who to contact in certain situations is critical for good internal control.
- Next, you would have a segregation of duties, which is a way of limiting one person’s control over certain tasks within a business. Instead of having one person, multiple employees are given responsibilities. This way one employee’s work can be checked against another’s and there is less risk of errors.
- Another step is implementing physical securities, which everyone can easily see. These are computer passwords, surveillance cameras and door sensors that alert authorities when something goes wrong.
- If accounting records are not reliable, then there is no reason to even have them. This is why maintaining adequate documentation is a control activity. Error-free records can be obtained by putting in place control procedures that require proper documentation of all transactions.
- Independent verification, which involves the process of reconciling information within a business. Having a third-party individual spontaneously conduct verifications can help ensure an objective count of the company’s performance.