Sei sulla pagina 1di 64


What is Internal Control?
Internal control is the process of monitoring the
accounting practices and operations of the organisation.

This process is implemented by the Board of Directors,

management and other personnel and is designed to
ensure that operations are effective, i.e. proper
financial reporting and compliance with applicable laws
and regulations are adhered to.
What is an internal control system?
An internal control system includes all the procedures
and policies taken by an entity to safeguard assets and
ensure accuracy of financial records.

It is not only related to the accounting process but also

the internal and external communication process of the
Objectives of a control system
The objectives of a control system includes:
To identify the social and ethical issues in financial
To comply with the companys policies, regulations and
government laws.
To provide reasonable assurance that the companys goals
and objectives are achieved.
To assess the operating effectiveness of the organisation
and its structure.
To discourage occurrence of errors or irregularities.
Internal control pyramid
Internal control cont.
A successful business is dependent on employees
individual attributes (i.e. integrity, ethical values and
competence) and the working environment in which
they operate. The levels of control include:
Environmental control
Risk assessment
Control activities and monitoring.
Internal control ~ environmental control
Environmental control this is concerned with
setting the foundation and the tone of an organisation.
i.e. influencing the control consciousness of its people.

It is the foundation for all other components of internal

control, providing discipline and structure.
Internal control ~ risk assessment
Risk assessment forms the basis of how risks should
be managed. The organisation needs to design its
activities control to ensure harmony with risk

Policies and procedures must be re-examined to ensure

that essential actions to achieve the organisations
objectives are effectively carried out and that
unnecessary activities are eradicated.
Internal control ~ activities control
Activities control this involves policies and
procedures that implement management directives.
Once this is established, monitoring is necessary to
assess the quality of internal control performance over
Internal control cont.
While review is being undertaken, it is pertinent to
implement information and communication systems
to enable the employees to capture and exchange the
appropriate information needed to manage their
operations effectively.

Internal control must have clearly defined goals and

should consist of inter-related components which acts in
unison to achieve those goals. It is the responsibility of
management to establish a viable internal control
mechanism and continuous reinvention should be
undertaken to improve efficiency.
Internal Control contd.
The company may create a simple manual outlining
accounting practices and policies for handling:
financial transactions
describing the administrative tasks
defining responsibilities of the staff members.

** Periodical review and update of the manual is

important to improve efficiency within the organisation.
Internal Control contd.
There are varying guiding principles that governs the
internal control process within an organisation.
Internal control ~ Segregation of duties
This principle requires that the person who is
responsible for an asset is NOT the one responsible to
maintain the accounting records of that asset.

Once this principle is observed, the custodian of the

asset cannot misappropriate the asset and the record
keeper has no reason for falsifying the record.
Internal control ~ Adequate documentation
Proper record is essential and provides a mean of
control. Poor records may result in confusion, laxity
and may increase theft.

Proper documentation verifies that a transaction took

place. And as a result, the documents should assure
that the assets accounted for and the basis for
accounting is followed. Documents should be:
Prepared on the date of transaction
Clear and simple
Designed for multiple use
Internal control ~ independent internal verification
The workload should be divided among individuals or
departments. It should be done in such a manner that
the work of one person acts as a check on that of
Internal control ~ Proper authorization
Authorization is the process of giving someone
permission to do or have something.

Transactions should be executed according to

managements general or specific permission.
General authorization/ permission these are policies
made by management for their employees to use daily.

Specific authorization/ permission these will be

used based on a particular situation.
Internal control ~ competent personnel
Proper responsibilities must be established to be able to
achieve accountability. Where there are shared duties,
one person should be made responsible in the event
that something goes wrong, it may not be difficult to
determine who is at fault.
Internal control ~ physical safeguard of asset
There are various physical, mechanical and electronic
devices to safeguard assets. These are essential and
used whenever practicable: for example, physical
counts are used to safeguard assets against theft and
pilferage whereas mechanical and electronic controls
are used to safeguard assets and enhance the accuracy
and reliability of accounting records.
Internal control ~ rotation of employees
Employees should be rotated frequently in order to
prevent them from becoming too familiar or comfortable
in a particular post as this may increase the possibility
of attempting to commit and/or cover up fraud.
Internal Control cont.
It is important that management implement an effective
internal control over its assets. These includes:
Inventories (stock) items that are intended to be sold in the
ordinary course of business.
Accounts receivable (debtors)
Accounts payable (creditors)
Internal control for inventory
Inventories (stock) are vital to organisations as they are
considered revenue generators. As a result, it is
important to implement mechanisms to protect (control)
the profit bearing aspects of the company.

Inventory control in an organisation is concerned with

managing the purchases, receipts, sales and stock taking.
Internal control for inventory
To ensure that inventories are controlled when
purchases are made, the company should adhere to the
A purchase requisition must be filled out for order which
must be approved by the relevant authorities.
When items are received, checks should be made against
original orders to ascertain if the goods received were the
ones ordered.
An invoice should be submitted to the accounts department
to update their records and to facilitate payment to the

** List non-exhaustive, policies and procedures may be

dependent on the organisation.
Internal Control for inventory
In order to generate revenues companies will need to
make sales for the inventory in stock. The following steps
may be taken to facilitate effective control when goods are
being sold:
When a request is made by a customer to obtain a particular
product, it is vital to check the warehouse for the availability
of those inventories.
When order is confirmed, inventory should be sent to
despatch department (if there is one)
An invoice should be prepared by the accounts department to
be sent to the customer.
Internal control for inventory
1. Storage of inventories should only be readily
accessible by authorised employees and should be
kept under lock and key.

2. The transfer of goods into the warehouse should be

closely monitored and documented by administration
and verified by the stores manager.

3. The use of barcodes or electronic sensors should be

used to prevent theft.
Internal control for inventory
4. A stock taking process should be undertaken to track
movement of inventories; this will enable the
company to know the quantity of stock on hand and
also to make decisions about slow-moving

5. The use of security guards can aid in the prevention

of unauthorized removal of goods from the premises.
Persons taking goods from the compound should have
proper documents supporting its removal.
Internal control for inventory
6. The use of perimeter fence is needed to prevent the
theft of goods located in a stockyard. It prevents easy
access by unauthorized persons and vehicles to such

7. The use of identity badges to recognize employees

from outsiders especially when they enter secured

8. Administration should ensure that documentation is

prepared and secured.
Internal control for cash
Cash is considered one of the most important resources
of the organisation. As a result, it should be monitored
to ensure that there is always enough cash available to
carry out the objectives of the organisation.

Cash includes currency, coins and notes as well as

money orders and the amounts in the chequing and
savings accounts.
Internal control for cash
Due to the fact that cash is susceptible to theft and
embezzlement, management in implementing various
internal controls, attempts to:
Account for all the cash transactions accurately

Ensure that there is sufficient to pay bills and obligations

when they fall due

Avoid holding too much idle cash since excess cash can be
invested elsewhere to generate additional revenue

Prevent the loss of cash due to theft and/or fraud.

Internal control for cash
The fact that all assets should be protected from theft,
cash requires additional protection as it is easily
concealed and more desirable than most assets.

Cash can be protected by applying these basic

principles within the organisation:
reliable employees are recruited (by screening).
cash transactions are recorded immediately (payments,
lodgements etc.)
different persons should be assigned to receive, record
and have custody (control) of the cash.
Internal control for cash
Documentation should be presented to give supporting
evidence to the receipt of cash
Cash should be kept in vaults for safekeeping
Daily check off should be undertaken.
Internal Control for cash
For smaller payments, the company may use a petty
cash system and it is important that this is treated with
the same level of care as large payments.
Vouchers should be filled out which should be attached to
the original invoice or receipt

For cash receipts, deposit slips should be kept as it

records the amount deposited, the date and the bank
account number. This should be checked off against the
bank statements when received and if there are any
errors, reconciliation should be undertaken.
Internal control for cash
For cheque payments, due process should be followed
which may take the following form:
cheques should be kept under lock and key
there should be more than one authorised signature
supporting documents should be made available to
approving officer (payment approval)
Spoilt and void cheques should be defaced and retained.
Internal control for Accounts Receivable
Organisations may engage in business activities on credit
by purchasing or selling products without paying or
receiving cash immediately. As a result, it is important
that measures are in place to collect monies when they
become due. To achieve this, managers should ensure
Credit is only given to trustworthy customers
Debtors should be reminded at intervals regarding their
Employees who directly handle credit customers should have
no direct access to cash received
Proper checks should be made to ensure that bad debts are
monitored and written off when necessary.
Internal control for Accounts payable
As managers we have to ensure that the company has
mechanisms in place to make payments when they
become due. This can be facilitated by:
Ensuring that employees handling payable records do not
handle disbursement to creditors.
Cash payments should be made as soon as they become due
Ensure monies are stowed away (retained earnings) to
facilitate bill payment
Benefits of internal control
Internal control systems are tools used to mitigate risks,
prevent fraud and errors, increase financially reliable
information, safe keep companys assets and records and
ensures that organisational policies, laws and regulations
are adhered to.
End of chapter questions
Question 1
Internal controls promote accurate information, help an
organization ensure compliance with applicable laws
and regulations and safeguard organizational assets. As
a result, internal controls are important even in small

List and briefly describe FIVE internal control practices

relating to cash, which would be carried out even in a
small business having little opportunity for the
separation of duties.
End of chapter questions (contd)
Question 2
You have just begun an assignment with a new company
and you are discussing with the owner of the company her
need for a good internal control system.

Answer the following questions which were posed to you

during the discussion:
i. What is the meaning of the term internal control?
ii. What is the role of internal control in a business
iii. Why are internal controls important for inventory
iv. Identify TWO internal controls that should be put in
place for accounts receivable (debtors).
End of chapter questions (contd)
Question 3
Stephanie Sealy has recently been hired as manager
of the Big Banana Restaurant, which has stores
located at the seaport and airport of Any Island in
the Caribbean. During her first month, she visits
both locations and observes the following internal
control situations.
Each store has one cash register. In any one shift, the
same employee takes the customer order, accepts
payment and then prepares the order.
End of chapter questions (contd)
2. Since only one employee uses the cash register, that
employee is responsible for counting the cash at the
end of the shift and verifying that the cash in the
drawer corresponds to the amount of sales recorded by
the cash register.

3. Stephanie sees an employee putting two cases of beer

in his car. Not to cause a scene, she simply says to
him, I dont think you are putting those cases on the
right shelf. Dont they belong inside the restaurant?
The employee returns the cases to the stockroom.
End of chapter questions (contd)
For EACH situation described above:
I. Outline the weakness in internal control.

II. Explain the changes that are required in order to

strengthen internal control.
Internal vs. External auditors
Internal vs. External Auditor
External Auditor Internal Auditor

Has a specific scope to review Reviews how adequate the

the companys financial internal design is within the
statements organisation.

Detect fraud and reviews the Evaluates various risks the

financial statements to give organisation may be subject
an opinion of those to.
Internal vs. External Auditor
Internal External
Appointment Hired by managers Hired by shareholders
through the BOD

Relationship Hired on a permanent Hired for the special

basis assignment

Scope of work Reviews the efficiency Examines records to

and effectiveness and ensure that appropriate
allegations of fraud laws, regulations and

Rules to follow Responsibilities decided Application of IAS and

by management guidelines
Internal vs. External Auditor
Internal External
Frequency Quarterly or as needed Annually
Qualification Can be trained Qualified professionals

Accountable to Board of Directors Shareholders

Responsibility Decided by management Fixed by company law and


Operations Works objectively and Works independently of the

independently of corporation and
employees but depended management
on the organisation
Who is an external auditor?
An external auditor checks if the companys accounts are
drawn up in accordance to the legal framework and
accounting standards.

The external auditor is obliged to report to the

shareholders on the accounts presented by the directors
at the annual general meeting and on the accounting and
other records relating to those accounts.

The external auditor must have an understanding of the

internal accounting system and related internal control to
identify areas of weakness or to handle errors or fraud.
Who is an internal auditor?
An internal auditor is responsible to examine and
evaluate the financial and information system of the
organisation. They review the internal controls to
ensure that records are accurate and control
mechanisms are adequate to protect against fraud and
waste of resources.

At the end of the audit period, the internal auditor

should identify weaknesses and make
recommendations for improvement.
Types of Audit
Operational audit reviewing any part of the entitys
operating procedures and methods for the purpose of
evaluating efficiency and effectiveness.

Compliance audit this is undertaken to determine

whether the entity is following specific procedures or
rules set down by some higher authority.

Audits of financial statements this entails

examining transactions and financial statements to
determine whether the overall financial statements are in
accordance with the GAAP.
Audit of financial statements
Auditing financial statements include:
Testing the accounting records
Testing the internal control systems

An audit committee may be established to ensure that the

company is adhering to the guidelines set out by the
company. It comprises of the Board of Directors that
oversees the internal accounting controls, financial
statements and financial affairs of the company.
Class Activity
Internal and external auditors often liaise on various
matters but there are differences between their roles.

Copy and complete the following table which compares

and contrasts the scope and objectives of the work of
internal auditors for a public company with those of
external auditors.
Class Activity (contd)

Internal Auditors External Auditors

Appraise the effectiveness with which Give an opinion on the fair presentation
organisational units of
.. .

Report to ..... Report to

Study and evaluate accounting and Limit themselves to reviewing

administrative accounting controls as they affect the
.... figures on the

Independent of the company they

Employees of the ..
Impact of technology in accounting

Computerized Manual
Accuracy Errors are minimized Tendency to make
Subjectivity Lower level High level
Detecting mistakes Easily detected Difficult and time
Information storage Software available to Time-consuming
and retrieval hasten process
Security of information Password protected, Limited to physical
encryption code etc. security
Skill needed Computer literacy Training in the area
Impact of technology in accounting

Computerized Manual

Recording frequency Less frequently Daily update to prevent


Processing volume Short time completion Heavy workload

Processing speed Analyses quickly Needs more time

Cost High initial cost that High constant costs

reduces over time because of manual
Electronic data processing (EDP)
EDP refers to processing business data by using a
computer and its programs in an environment involving
electronic communication. It is sometimes referred to as
an Information System (IS) or a Management
Information System (MIS).

Information Systems this comprises of an integrated set

of components for collecting, storing, and processing data
to retrieve and analyse information for decision making in
the organisation.
EDP (contd)
Management Information System this is a more organised
method of providing each manager with all the data he
needs for decision making.

It is important that managers employ persons who have

integrity to handle the computerised systems within an
organisation. Once an electronic system is in place there will
be an increased need for internal controls.
Protocols for a proper EDP
Physical security having these in place will prevent
unauthorised persons from having access to the

Software to create documents the managers could

seek out the software which will be most efficient for
the entity. Before implementation management should
ensure to assess the trustworthiness of it.

Direct data security information must be tailored to

suit the profile of the user.
Protocols for a proper EDP
Access level managers should determine how
information each personnel should be exposed to.

View rights an important decision should be made on

whether users have the right to add or delete information
on himself or others.

Back-ups in the event there is a disaster, can the

information be retrieved? Management has to ensure that
there are alternative ways for securing information.
Protocols for a proper EDP
Archiving electronic filing systems can store a great
amount of information and there might be the tendency to
retain even those information that is obsolete.
Management should decide on the tenure (how long) these
files should be kept.
EDP contd.
Significant measures to strengthen internal control in an
EDP environment:
Implement appropriate user ID and passwords for all users
Establish an audit trail of preference and routine review of
the audit trail report
Setting a closing date and the closing date password
Preparing meaningful budgets and periodical review of
actual-to-budget comparison
Backing up data files on a daily basis and ensuring that
backups are stored off site.
End of chapter activity
Outline FIVE ways in which accounting information in
an Electronic Data Processing (EDP) environment can
be controlled.