 Internal Control

Internal control is a process designed to provide reasonable assurance regarding the

achievement of objectives related to operations, reporting, and compliance. In more detail, it
consists of all the related methods and measures adopted within an organization to safeguard
assets, enhance the reliability of accounting records, increase efficiency of operations, and
ensure compliance with laws and regulations. Internal control systems have five primary
components as listed below.
• A control environment. It is the responsibility of top management to make it clear that the
organization values integrity and that unethical activity will not be tolerated. This component is
often referred to as the “tone at the top.”
• Risk assessment. Companies must identify and analyze the various factors that create risk for
the business and must determine how to manage these risks.
• Control activities. To reduce the occurrence of fraud, management must design policies and
procedures to address the specific risks faced by the company.
• Information and communication. The internal control system must capture and
communicate all pertinent information both down and up the organization, as well as
communicate information to appropriate external parties.
• Monitoring. Internal control systems must be monitored periodically for their adequacy.
Significant deficiencies need to be reported to top management and/or the board of directors.

 Principles of Internal Control

Internal control is based on the following principles:

1. Principle of Segregation or Separation

Financial and accounting operations must be separated, i.e., handling of cash and the recording of the
movement thereof should be done by different persons.

2. Principle of Responsibility

Responsibility for the performance of the job must be clearly stated so that there may be no room for
doubt or confusion subsequently.

3. Principle of Skepticism

Too much confidence should not be pinned on one individual. Nearly all frauds have been committed by
trusted officials or employees.

4. Principle of Rotation

Mustafiz Rahman Farhad

The rotation principle relating to the transfer of an employee from one job to another should be the
inflexible guiding rule.

5. Principle of Review

The work should be so arranged that work done by one employee should be promptly checked by
another independent employee.

6. Principle of Clarification

Clear and well-defined rules should be laid down and practically followed, relating to dealing with cash,
ordering, receiving and issuing goods, etc.

7. Principle of Documentation

The arrangement of the work should be in such a manner that a written record of the part played by
each employee should be maintained, and the work should pass through several hands in a well-defined
manner.

 What are the Limitations of Internal Controls?

A system of controls does not provide absolute assurance that the control objectives of an organization
will be met. Instead, there are several inherent limitations in any system that reduce the level of
assurance. These inherent limitations are as follows.

 Collusion

Two or more people who are intended by a system of control to keep watch over each other could
instead collude to circumvent the system. Since this essentially eliminates a control, the probability of
losses being incurred is greatly increased.

 Human Error

A person involved in a control system could simply make a mistake, perhaps forgetting to use a control
step. Or, the person does not understand how a control system is to be used, or does not understand
the instructions associated with the system. This may be caused by the assignment of the wrong person
to a task.

 Management Override

Someone on the management team who has the authority to do so could override any aspect of a
control system for his personal advantage.

 Missing Segregation of Duties

A control system might have been designed with an insufficient segregation of duties, so that one
person can interfere with its proper operation.

Consequently, it must be accepted that no system of internal controls is perfect. There is always a way in
which it can fail or be circumvented.

Mustafiz Rahman Farhad

  Evaluation of internal control/Need for evaluation of internal control (not
so important)

 Methods of Evaluating Internal Control System

The following are the methods of evaluating internal control system:
1. Narrative Record or Memorandum Approach: It is a complete and exhaustive
description of the system. It is appropriate in circumstances where a formal
control system is lacking, like in case of small businesses. Gaps in the control
system are difficult to identify using a narrative record.
2. Check List: It is a series of instructions that a member of the audit staff is
required to follow. They have to be signed initiated by the audit assistant as proof
for having followed the instructions given. A specific statement is required for
every weakness area.
3. Flow Chart: It is a pictorial representation of the internal control system
depicting its various elements such as operations, processes and controls, which
help in giving a concise and comprehensive view of the organization’s working to
the auditor. A complete flow chart would depict the process of raising documents,
personnel involved in doing so, the flow of documents through various
departments, maintenance of records, flow of goods and consideration, and
dealing with results. The internal control evaluation process becomes easier
through a flow chart as a broad picture of all the controls involved can be gauged
in a glimpse.
4. Internal Control Questionnaire: This is the most widely used method for
collecting information regarding the internal control system and involves asking
questions to various people at different levels in the organization. The
questionnaire is in a pre-designed format to ensure collection of complete and all
relevant information=. The questions are formed in a manner that would facilitate
obtaining full information through answers in “Yes” or “No’’.
 Internal Check- book
 Evaluative criteria for good internal check- book
 Internal Audit- book

 Advantage of Internal Audit

Mustafiz Rahman Farhad

1] More Effective Management

One of the biggest benefits of an internal audit is that it facilitates more effective
management of the organization.

The internal auditor will be able to point out any weaknesses of the organization in the
operations or internal controls of the company.

So the management can use these insights to better the chances of achieving their
goals.

2] On going Review

The process of internal audit gives the organization a unique opportunity to conduct a
review of the performances in the ongoing year itself.

They do not have to wait for the end of the year to review the company’s performance.
This also means that if they are not on the correct path, this will help them change
course and correct their mistakes immediately.

3] Performances of Staff Improve 

The staff of the company remains alert and active. This is because there is the fear of their mistakes
being caught by the internal auditor almost immediately.

This will help improve their efficiency and performance. Also, they do not attempt to defraud the
company for the same reasons. And on the other hand, it is a good morale booster for honest
employees.

4] Ensures Optimum Use of Resources 

One other benefit of the process of internal control is that it can be used as a tool to promote the
optimization of resources. It will help point out the areas in which resources are being underutilized
or wasted. And then these can be corrected. It will help control the costs and expenses of the
company.

5]  Division of Work

Internal audit helps promote the division of labor. It is important to keep a check on and observe the
activities of all the departments and all of their employees. Division of labor will help in achieving
this.

Mustafiz Rahman Farhad

6] Security.

Internal audits scrutinize your cybersecurity environment, counting all your digital devices, for
instance, and examining whether they are secured in line with your policies. They also look for
vulnerabilities in your digital systems and networks and advise on how to close gaps.

7] Integrity.

Headline-grabbing cases of fraud at the turn of the 21st century—fraud involving major companies
including Enron—were the impetus behind the COSO framework. As a result of the scandal, Enron
went bankrupt. Caveat emptor: People aren’t always honest. Also: to err is human. Internal audits
analyze and scrutinize your financial statements and verify their accuracy and integrity.

8] Reduced risk.

Internal audits consider all the identified risks to your enterprise and analyze whether your risk
mitigations are working as they should. Where they aren’t, audit reports will tell you what you need to
do to resolve the issue.

9] Improved compliance.

Internal audits check the laws, regulations, and industry standards with which your organization
needs to comply and determine whether you are, in fact, compliant. Where you miss the mark,
auditors recommend how to remedy the problem.

 Principles of internal audit

When your organization conducts management system audits, do you have confidence in the
audit conclusions? How do you know that the audits are robust and repeatable? Ideally, two
different auditors working independently of one another would arrive at similar conclusions in
similar circumstances.

For reliable audits, there are 7 audit principles that an auditor should adhere to, set out by ISO 1
011:2018 Guidelines for Auditing Management Systems.

1. Integrity

The foundation of professionalism.

2. Fair Presentation

The obligation to report truthfully and accurately.

3. Due Professional Care

The application of diligence and judgment in auditing.

4. Confidentiality

Mustafiz Rahman Farhad

Security of information.

5. Independence

The basis for the impartiality of the audit and objectivity of the audit conclusions.

6. Evidence-based approach

The rational method for reaching reliable and reproducible audit conclusions in a systematic
audit process.

7. Risk-based approach

An audit approach that considers risks and opportunities.

By ensuring your auditors adhere to these principles, you can have confidence in your audit
conclusions. If you’re planning an audit, and looking for support from a certified lead auditor,
send me a message to see how I can help.

Mustafiz Rahman Farhad

Mustafiz Rahman Farhad
Mustafiz Rahman Farhad