Internal controls are methods put in place by a company to ensure the integrity of financial and accounting information, meet operational and profitability targets, and transmit management policies throughout the organization. Internal controls work best when they are applied to multiple divisions and deal with the interactions between the various business departments.
The purpose of internal controls is to minimize or control risks. As such, internal controls play an important role in detecting and preventing fraud in and organization. They are also the means by which a company protects its resources. This includes both physical resources such as machinery and property and intangible resources such as reputation or intellectual property.
Types of Internal Controls
Preventive Controls are designed to discourage errors or irregularities from occurring. Internal controls best work on the principle, ‘Prevention is better than cure’.They are proactive controls that help to ensure departmental objectives are being met. Examples of preventive controls are:
- Segregation of Duties: Duties are segregated among different people to reduce the risk of error or inappropriate action. Normally, responsibilities for authorizing transactions (approval), recording transactions (accounting) and handling the related asset (custody) are divided.
- Approvals, Authorizations, and Verifications: Management authorizes employees to perform certain activities and to execute certain transactions within limited parameters. In addition, management specifies those activities or transactions that need supervisory approval before they are performed or executed by employees. A supervisor’s approval (manual or electronic) implies that he or she has verified and validated that the activity or transaction conforms to established policies and procedures.
- Security of Assets: Access to equipment, inventories, securities, cash and other assets is restricted; assets are periodically counted and compared to amounts shown on control records.
Detective Controls are designed to find errors or irregularities after they have occurred. Examples of detective controls are:
- Reviews of Performance: Management compares information about current performance to budgets, forecasts, prior periods, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual conditions that require follow-up.
- Reconciliations: An employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary.
- Physical Inventories
Coupled with preventive and detective controls, corrective controls help mitigate damage once a risk has materialized.
- Document policies and procedures
- Enforce them by means of warnings and employee termination when appropriate
- Wisely back up data to enable restoring a functioning system in the event of a crash. If a disaster strikes, business recovery can take place when an effective continuity and disaster management plan is in place and followed.
Compensation can take place to an extent only. However, compensative internal control procedures should be adopted at the earliest.
- Rad through the detailed transaction report- Track exactly where the error originated and drive a backlink.
- Perform analytical reviews- Do a thorough analysis and plug all loopholes.
- Reassign reconciliation- Shuffle the assignee for performing reconciliation task.
Internal control is an extremely important and efficient tool to keep in line the functionalities of an organization. In this fast-moving world, if internal controls are not in place, a robust external control system will also not suffice.
However, as a manual process based on written procedure, documents and spreadsheets, it is time-consuming and inefficient. In comparison, an internal control system implemented in software adds structure and automation to an otherwise theory-based concept. One such software tool is provided by VComply. It adds the processes that faith and good intentions alone will be hard-pressed to meet and therefore a computerized internal control system is an important and even essential tool in getting the organization’s system of internal control working in an optimal way.Add to favorites