
Chapter 3

Systems security and internal controls
Accounting System Analysis and Decision
What is an internal control system?

• The internal control structure of a company consists of the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved.

• The internal control system differs from one business organization to another depending on the nature and size of the business.

• The internal control system is introduced to avoid errors and frauds and for systematic control of business activities.
Importance of Internal Control System in Accounting
• The Turnbull Report, first published in 1999, defined internal control and its scope as follows:

• ‘The policies, processes, tasks, behaviors and other aspects of an organization that taken together:

• To facilitate effective operation by enabling it to respond in an appropriate manner to significant business, operational, financial, compliance and other risks to achieve its objectives. This includes safeguarding of assets and ensuring that liabilities are identified and managed.

McGraw-Hill © 2004 The McGraw-Hill Companies, Inc. All rights reserved.


• To ensure the quality of internal and external reporting, which in turn requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from both internal and external sources.

• To ensure compliance with applicable laws and regulations and also with internal policies.’

• Facilitating efficient operations implies improvement, and, properly applied, internal control processes add value to an organization by considering outcomes against original plans and then proposing ways in which they might be addressed.



Objectives of internal control
• Efficient conduct of business

• Safeguarding assets

• Preventing and detecting fraud and other unlawful acts

• Completeness and accuracy of financial records

• Timely preparation of financial statements

• Comply with applicable laws and regulations

• Reassure investors
Common control procedures
• Separation of Duties

• Access Controls

• Physical controls

• Management controls

• Authorization and approval limits

• Asset Audits

• Standardize the financial documents format or template

• Reconciliations

• Data Backups
Separation of Duties
• To minimize the risk of errors and fraud, duties associated with cash handling are often segregated.

• Assigning specific duties to each employee that divides accounting responsibilities is a basic control system to ensure that the people responsible for financial reporting are separate from the people tasked with making cash deposits and asset purchases.

• Because fraud can occur at any level of an organization, separation of duties is crucial not just at the top, among executive leadership, but at every step of the organizational hierarchy.
Access Controls
• Setting permission levels to safeguard data and physical assets is one of the most routine controls businesses use because they are so easy to implement. In password-protected areas, secure passwords and two-step authentication procedures make it difficult for employees to use others’ login credentials.

• Additionally, changing passwords frequently enables access controls to remain steadfast over time.
Physical controls
• These controls include restrictions on access to buildings, specified office or factory areas or equipment, such as turnstiles at the entrance to the premises, swipe cards and passwords. They also include physical restraints, such as fixing non-current assets to prevent removal.
Management controls
• These controls are operated by managers themselves.

• A manager may be required as part of their job to consider differences between planned outcomes and actual performance. Performance management of subordinates is also an integral part of many managerial positions.
Authorization and approval limits
• Many employees must adhere to authorization limits, and these will usually be specified in the terms of employment.

• Designating managers to be responsible for transaction authorizations is an internal control function that funnels purchase decisions through the most trusted employees. Authorizations may be required for large payments, unusual expenses, and unexpected cost increases.
Asset Audits
• Manually counting assets in this manner is crucial because fraud can occur off the books to bypass financial report audits.

• However, asset audits are not simply electronic in nature – they also include physical audits. Any time a cash drawer is tallied, or raw material counts are verified, an asset audit is being performed. These on-site audits should be performed regularly to ensure financial accuracy.
Standardize the financial documents format or template
• Creating and using the same templates for estimates, invoices, purchase orders, funding requests, receipts, and expense reports creates comparability across like items during an audit.

• Standardizing financial documents creates consistency, which makes the auditing process easier. While some reports like a balance sheet or P&L statement have a standard format, other documents can vary substantially between business teams.
Reconciliations
• Financial audits like cash reconciliations are performed regularly to verify that actual balances match accounting balances. Differences can be analyzed and investigated, where necessary, to result in accurate financial reports.

• Furthermore, performing regular reconciliations informs strategic business decisions and day-to-day operations.
Comply with applicable laws and regulations
• Internal control becomes effective only when compliance with organization policies and laws of the country is ensured.

• Organizations have to implement performance standards in relation to compliance. This may be to satisfy the demands of external regulators, or to operate to pre-determined internal standards.
Data Backups
• Backing up computer files to the cloud safeguards data from loss when computers become corrupted or servers fail.

• Data backups are the most forgotten internal accounting control system. Because accurate financial data requires technological interaction between platforms, loss of financial inputs can skew reporting and muddle audits.
Responsibility for Internal Control System
• It is the general responsibility of all employees, officers, and management of a company to follow the internal control system.

• The following three parties have definite roles in making the internal control system effective:

1) Management

2) Board of Directors

3) Auditors
Internal audit
• Internal audit may be defined as an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization.

• Internal audit supports management in the effective discharge of their responsibilities. To this end, internal audit furnishes management with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed.
Internal audit & Internal Control
• Internal audit is an internal but independent assurance function. While internal auditors are usually employees of the organization, they should operate independently of management so that their analyses, judgments and reports are free from bias or undue influence.

• The head of internal audit should report to the board of directors, or to the audit committee. Some organizations reinforce independence by outsourcing the internal audit function to professional external firms.
The End
