Internal Control

Internal Control—Integrated Framework is the standard by which companies design, analyze, and evaluate internal control.4 In this section, the objectives of internal con­trol are described, followed by a discussion of how these objectives can be achieved through the Integrated Framework’s five elements of internal control.

1. Objectives of Internal Control

The objectives of internal control are to provide reasonable assurance that:

  1. Assets are safeguarded and used for business purposes.
  2. Business information is accurate.
  3. Employees and managers comply with laws and regulations.

These objectives are illustrated below.

Internal control can safeguard assets by preventing theft, fraud, misuse, or misplace­ment. A serious concern of internal control is preventing employee fraud. Employee fraud is the intentional act of deceiving an employer for personal gain. Such fraud may range from minor overstating of a travel expense report to stealing millions of dollars. Employees stealing from a business often adjust the accounting records in order to hide their fraud. Thus, employee fraud usually affects the accuracy of business information.

Accurate information is necessary to successfully operate a business. Businesses must also comply with laws, regulations, and financial reporting standards. Examples of such standards include environmental regulations, safety regulations, and generally accepted accounting principles (GAAP).

2. Elements of Internal Control

The three internal control objectives can be achieved by applying the five elements of internal control set forth by the Integrated Framework.5 These elements are as follows:

  1. Control environment
  2. Risk assessment
  3. Control procedures
  4. Monitoring
  5. Information and communication

The elements of internal control are illustrated in Exhibit 2.

In Exhibit 2, the elements of internal control form an umbrella over the business to protect it from control threats. The control environment is the size of the umbrella. Risk assessment, control procedures, and monitoring are the fabric of the umbrella, which keep it from leaking. Information and communication connect the umbrella to management.

3. Control Environment

The control environment is the overall attitude of management and employees about the importance of controls. Three factors influencing a company’s control environ­ment are as follows:

  1. Management’s philosophy and operating style
  2. The company’s organizational structure
  3. The company’s personnel policies

Management’s philosophy and operating style relates to whether management em­phasizes the importance of internal controls. An emphasis on controls and adherence to control policies creates an effective control environment. In contrast, overemphasizing operating goals and tolerating deviations from control policies creates an ineffective control environment.

The business’s organizational structure is the framework for planning and control­ling operations. For example, a retail store chain might organize each of its stores as separate business units. Each store manager has full authority over pricing and other operating activities. In such a structure, each store manager has the responsibility for establishing an effective control environment.

The business’s personnel policies involve the hiring, training, evaluation, compen­sation, and promotion of employees. In addition, job descriptions, employee codes of ethics, and conflict-of-interest policies are part of the personnel policies. Such policies can enhance the internal control environment if they provide reasonable assurance that only competent, honest employees are hired and retained.

4. Risk Assessment

All businesses face risks such as changes in customer requirements, competitive threats, regulatory changes, and changes in economic factors. Management should identify such risks, analyze their significance, assess their likelihood of occurring, and take any necessary actions to minimize them.

5. Control Procedures

Control procedures provide reasonable assurance that business goals will be achieved, including the prevention of fraud. Control procedures, which constitute one of the most important elements of internal control, include the following as shown in Exhibit 3.

  1. Competent personnel, rotating duties, and mandatory vacations
  2. Separating responsibilities for related operations
  3. Separating operations, custody of assets, and accounting
  4. Proofs and security measures

Competent Personnel, Rotating Duties, and Mandatory Vacations A suc­cessful company needs competent employees who are able to perform the duties that they are assigned. Procedures should be established for properly training and supervising em­ployees. It is also advisable to rotate duties of accounting personnel and mandate vacations for all employees. In this way, employees are encouraged to adhere to procedures. Cases of employee fraud are often discovered when a long-term employee, who never took vaca­tions, missed work because of an illness or another unavoidable reason.

Separating Responsibilities for Related Operations The responsibility for re­lated operations should be divided among two or more persons. This decreases the pos­sibility of errors and fraud. For example, if the same person orders supplies, verifies the receipt of the supplies, and pays the supplier, the following abuses may occur:

  1. Orders may be placed on the basis of friendship with a supplier, rather than on price, quality, and other objective factors.
  2. The quantity and quality of supplies received may not be verified; thus, the company may pay for supplies not received or that are of poor quality.
  3. Supplies may be stolen by the employee.
  4. The validity and accuracy of invoices may not be verified; hence, the company may pay false or inaccurate invoices.

For the preceding reasons, the responsibilities for purchasing, receiving, and pay­ing for supplies should be divided among three persons or departments.

Separating Operations, Custody of Assets, and Accounting The responsibili­ties for operations, custody of assets, and accounting should be separated. In this way, the accounting records serve as an independent check on the operating managers and the employees who have custody of assets.

To illustrate, employees who handle cash receipts should not record cash receipts in the accounting records. To do so would allow employees to borrow or steal cash and hide the theft in the accounting records. Likewise, operating managers should not also record the results of operations. To do so would allow the managers to distort the accounting reports to show favorable results, which might allow them to receive larger bonuses.

Proofs and Security Measures Proofs and security measures are used to safeguard assets and ensure reliable accounting data. Proofs involve procedures such as authoriza­tion, approval, and reconciliation. For example, an employee planning to travel on com­pany business may be required to complete a “travel request” form for a manager’s autho­rization and approval.

Documents used for authorization and approval should be prenumbered, ac­counted for, and safeguarded. Prenumbering of documents helps prevent transactions from being recorded more than once or not at all. In addition, accounting for and safeguarding prenumbered documents helps prevent fraudulent transactions from being recorded. For example, blank checks are prenumbered and safeguarded. Once a payment has been properly authorized and approved, the checks are filled out and issued.

Reconciliations are also an important control. Later in this chapter, the use of bank reconciliations as an aid in controlling cash is described and illustrated.

Security measures involve measures to safeguard assets. For example, cash on hand should be kept in a cash register or safe. Inventory not on display should be stored in a locked storeroom or warehouse. Accounting records such as the accounts receivable subsidiary ledger should also be safeguarded to prevent their loss. For example, electronically maintained accounting records should be safeguarded with access codes and backed up so that any lost or damaged files could be recovered if necessary.

6. Monitoring

Monitoring the internal control system is used to locate weaknesses and improve controls. Monitoring often includes observing employee behavior and the account­ing system for indicators of control problems. Some such indicators are shown in Exhibit 4.

Evaluations of controls are often performed when there are major changes in strategy, senior management, business structure, or operations. Internal auditors, who are independent of operations, usually perform such evaluations. Internal auditors are also responsible for day-to-day monitoring of controls. External auditors also evalu­ate and report on internal control as part of their annual financial statement audit.

7. Information and Communication

Information and communication is an essential element of internal control. Infor­mation about the control environment, risk assessment, control procedures, and monitoring is used by management for guiding operations and ensuring compliance with reporting, legal, and regulatory requirements. Management also uses external

information to assess events and conditions that impact decision making and external reporting. For example, management uses pronouncements of the Financial Account­ing Standards Board (FASB) to assess the impact of changes in reporting standards on the financial statements.

8. Limitations of Internal Control

Internal control systems can provide only reasonable assurance for safeguarding as­sets, processing accurate information, and compliance with laws and regulations. In other words, internal controls are not a guarantee. This is due to the following factors:

  1. The human element of controls
  2. Cost-benefit considerations

The human element recognizes that controls are applied and used by humans. As a result, human errors can occur because of fatigue, carelessness, confusion, or misjudgment. For example, an employee may unintentionally shortchange a customer or miscount the amount of inventory received from a supplier. In addition, two or more employees may collude together to defeat or circumvent internal controls. This latter case often involves fraud and the theft of assets. For example, the cashier and the accounts receivable clerk might collude to steal customer payments on account.

Cost-benefit considerations recognize that the cost of internal controls should not exceed their benefits. For example, retail stores could eliminate shoplifting by search­ing all customers before they leave the store. However, such a control procedure would upset customers and result in lost sales. Instead, retailers use cameras or signs saying “Weprosecute all shoplifters.”

Source: Warren Carl S., Reeve James M., Duchac Jonathan (2013), Corporate Financial Accounting, South-Western College Pub; 12th edition.

2 thoughts on “Internal Control

  1. Bruce says:

    Superb site you have here but I was curious about if you knew of any community forums that cover the same topics
    talked about here? I’d really love to be a part of online community where I can get comments from other knowledgeable people that share the same interest.
    If you have any suggestions, please let me know. Cheers!

  2. Louann says:

    Thanks for one’s marvelous posting! I quite enjoyed reading it, you happen to be a great author.
    I will make certain to bookmark your blog and will eventually come back later on. I want to encourage one to
    continue your great writing, have a nice evening!

Leave a Reply

Your email address will not be published. Required fields are marked *