The purpose of this article is to provide an overview of internal control, with particular emphasis on topics relevant to Part C of the BT/FBT syllabus. The article will focus on the following learning objectives, as set out in section C6 of the study guide: Show
a) Explain internal control and internal check
Definition and purposes of internal controlThe Turnbull Report, first published in 1999, defined internal control and its scope as follows: ‘The policies, processes, tasks, behaviours and other aspects of an organisation that taken together: Facilitate effective operation by enabling it to respond in an appropriate manner to significant business, operational, financial, compliance and other risks to achieve its objectives. This includes safeguarding of assets and ensuring that liabilities are identified and managed. Ensure the quality of internal and external reporting, which in turn requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from both internal and external sources. Ensure compliance with applicable laws and regulations and also with internal policies.’ Turnbull’s explanation focuses on the positive role that internal control has to play in an organisation. Facilitating efficient operations implies improvement, and, properly applied, internal control processes add value to an organisation by considering outcomes against original plans and then proposing ways in which they might be addressed. At the same time, Turnbull also conceded that there is no such thing as a perfect internal control system, as all organisations operate in a dynamic environment: just as some risks recede into insignificance, new risks will emerge, some of which will be difficult or impossible to anticipate. The purpose of any control system should therefore be to provide reasonable assurance that the organisation can meet its objectives. Objectives of internal controlInternal control should have the following objectives: Efficient conduct of business: Safeguarding assets: Preventing and detecting fraud and other unlawful acts: Completeness and accuracy of financial records: Timely preparation of financial statements: Responsibilities for internal controlIn many smaller, unincorporated businesses such as sole traders and unlimited partnerships, the responsibility for internal controls often lies with the owners themselves. In most cases, the owners are fully engaged in the business itself, and if employees are engaged, it is usually within the capability of the owners to remain fully aware of transactions and the overall state of the business. As organisations grow, the need for internal controls increases, as the degree of specialisation increases and it becomes impossible to remain fully aware of what is going on in every part of the business. In a limited company, the board of directors is responsible for ensuring that appropriate internal controls are in place. Their accountability is to the shareholders, as the directors act as their agents. In turn, the directors may consider it prudent to establish a dedicated internal control function. The point at which this decision is taken will depend on the extent to which the benefits of function will outweigh the costs. The directors must pay due attention to the control environment. If internal controls are to be effective, it is necessary to create an appropriate culture and embed a commitment to robust controls throughout the organisation. Generic control categoriesControls and be categorised in many different ways. Figure 1 described five categories that are often used. Figure 1: Categories of controls Internal controls can be: Mandatory or voluntary: Discretionary or non-discretionary: Manual or automated: General controls or application controls: Common control proceduresPhysical controls: Authorisation and approval limits: Segregation of duties: Management controls: Arithmetic and accounting controls: Human resources controls: Internal checkInternal check is a system through which the accounting procedures of an organisation are so laid out that the accounts procedures are not under the absolute and independent control of any person. The work of one employee is complementary of that of another, enabling a continuous audit of the business to be made. The essential elements of an internal check are:
Internal auditDefinition and purposes of internal audit: Internal audit supports management in the effective discharge of their responsibilities. To this end, internal audit furnishes management with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed. Objectives of internal auditThe formal objectives of internal audit may include some or all of the following:
Why internal audit necessary?The importance of internal audit was highlighted by the Turnbull Report. It states that listed public companies that do not have an internal audit function should review the need to have such a function at least annually. Turnbull goes on to state that listed public companies that do have an internal audit function should review the scope, authority and resources of this function at least annually. Turnbull suggests that the need for the internal audit function will depend on several factors. These include:
Internal audit and internal controlInternal audit is an internal but independent assurance function. While internal auditors are usually employees of the organisation, they should operate independently of management so that their analyses, judgements and reports are free from bias or undue influence. The head of internal audit should report to the board of directors, or to the audit committee. Some organisations reinforce independence by outsourcing the internal audit function to professional external firms. Internal audit testing is the internal assessment of internal controls and as such is a management control to ensure compliance and conformity of internal controls to pre-determined standards. Key risks: Financial and operating information: Compliance: Types of auditIn the course of their duties, internal auditors may carry out various types of audit. These include the following: Operational audits may be concerned with the efficiency of the organisation’s activities. They consider performance relative to pre-determined criteria. Systems audits are used to test and evaluate controls as described in the last section. They test whether the controls can be relied upon to ensure that resources are allocated and managed effectively. They also test whether the information provided by the organisation’s systems is accurate. Compliance tests verify whether internal controls are being applied in a proper manner. Substantive tests verify the accuracy of figures, and can be used to identify errors and omissions. A transactions or probity audit is concerned with detecting fraud and other types of criminal or unlawful behaviour. However, it can also be extended to matters relating to fairness of dealings, impartiality, accountability and transparency, sometimes considered to be within the scope of social audit. Generally, social audit may be concerned with any matters relating to governance. Written by a member of the BT/FBT examining team Which of the following in not a control activity in accounting?Answer and Explanation: Management integrity is related to the ethical behavior of the management of a company, it is not a control activity. It is helpful in prudent and ethical decision-making related to both financial and non-financial operations.
What are controlling activities in accounting?Control activities – Control activities are the policies and procedures that help ensure management directives are carried out. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
What are the four types of control activities?Key Internal Control Activities. Segregation of Duties. Duties are divided among different employees to reduce the risk of error or inappropriate actions. ... . Authorization and Approval. ... . Reconciliation and Review. ... . Physical Security.. What are the 6 types of control activities?The six principles of control activities are: 1) Establishment of responsibility, 2) Segregation of duties, 3) Documentation procedures, 4) Physical controls, 5) Independent internal verification, 6) Human resource controls.
|