INTERNAL CONTROL

Internal control, as defined by accounting and auditing, is a process for

assuring of an organization's objectives in operational effectiveness and
efficiency, reliable financial reporting, and compliance with laws,
regulations and policies.
Fundamental concepts of Internal Control:
1. It is not one event, but a series of ongoing actions and activities:
examples include edit checks of data entered, accounting for transactions
in numerical sequences, comparing file totals with control accounts,
controlling access to data, files and programs.
2. People are what make internal control work. While the responsibility for
good internal control ultimately rests with organizations’ leadership, all
members play important roles.
3. It represents our moral responsibility to understand and comply with
policies and procedures, as well as to hold ourselves and one other
accountable.
 The primary purpose of internal controls is to help safeguard an
organization and further its objectives. Internal controls function
to minimize risks and protect assets, ensure accuracy of records,
promote operational efficiency, and encourage adherence to
policies, rules, regulations, and laws.
 Financial Controllership – is a management function that
supervises the accounting and financial reporting of an
organization.
 Internal Control
Management should identify risks to help the company:
Achieve its performance and profitability targets
Prevent loss of resources
Enjoy reliable financial reporting
Ensure compliance of laws and regulations, avoiding damage of its
reputation and other consequences

 Internal Control is the process by an entity’s board of directors, management and

other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability and financial reporting
Compliance with reliable laws and regulations
 The three main categories of internal controller:

 1. Preventative- As they say in medicine, the best cure is prevention. It is

always easier, less stress-inducing and thereby more efficient to establish the
appropriate measures to prevent an event from occurring rather than working
under pressure of an active security event. For example, most web applications
have built-in checks and balances to avoid and minimize a user from entering
incorrect information.
 An organization may begin by assigning one person to write cheques, and
another erson to authorize the payments. This segregation of duties is an
example of preventive internal control from an administrative standpoint.
 Preventive control include the use of video surveillance or
strategized placement of security guards at entry point, verifying
identification credentials and restricting access
 Firewalls, computer and server backups, training programs
and event routine drug testing are all types of preventative
internal controls that are put in place to prevent asset loss and
detrimental events from transpiring.
 2. Detective Internal Controls- are controls that are used after a security event has
occurred. From business perspective, some common examples are audits, inventory,
financial reports and financial statements

 3. Corrective Controls are those controls that are put in place after detective
internal controls identify a problem. These controls may include software patches or
modifications, disciplinary action, reports filing and new or refined policies
prohibiting inefficient practices

 A financial controller is sometime called “comptroller” – is the lead accounting

executive in a company. A controllers’ duty varies depending upon the size of the
company, complexity and financial operations and the number of people employed in
the accounting department.
 Five components of internal control:
 1. Control environment: The control environment is an intangible factor. Yet, it is the
foundation for all other components of internal control, providing discipline and structure
and encompassing both technical competence and ethical commitment
 2. Risk assessment: Risk assessment is the process of identifying risks to achieving
objectives; analyzing potential events, considering their likelihood of occurring and impact
on achieving objectives; and deciding how to respond to the risks.
 3. Control activities: Control activities help ensure risk responses are effectively carried
out and include policies and procedures, approvals, authorizations, verifications,
reconciliations, security over assets, and segregation of duties.
 4. Information and communication: Information communicated should be timely and
accurate.
 5. Monitoring: Monitoring is effective when it leads to the identification and correction of
control weaknesses before they materially affect the achievement of the chapter’s
objectives.
 The Six Principles of Internal Control
 1. Establishment of Principle
 2. Segregation of Duties
 3. Documentation and Procedures
 4. Physical Controls
 5. Independent Internal Verification
 6. Human Resource Controls
 Four Purposes of Internal Control
 1. Safeguard the assets of a company from any form of loss. The
loss can be accidental loss that occurs from honest mistakes
being made by individuals or intentional loss that results to
fraudulent activity.
 2. Ensure financial information is accurate, reliable and timely
 3. Ensure compliance with state and local business laws (SEC,
GAAP)
 4. Provide for a company to monitor goals that has set for itself
 AUDITING
 Audit is the examination or inspection of various books of
accounts by an auditor followed by physical checking of
inventory to make sure that all departments are following
documented system of recording transactions. It is done to
ascertain the accuracy of financial statements provided by the
organization.
 A financial audit is an objective examination and evaluation of
the financial statements of an organization to make sure that
the financial records are a fair and accurate representation of
the transactions they claim to represent.
 Responsibilities of Audit Committee’s
An audit committee should be engage mainly in an overnight
function and ultimately is responsible for the company’s
financial reporting processes and the quality of its financial
reporting. The committee member should independent from the
operational aspect of the business. This means that a company’s
senior management should not be a committee members.
Examples of issues that the audit committee should consider:
 Risk identification
 Pressure to manage earnings
 Internal controls and company growth
  
 Risk Identification and Response
 To be effective, an audit committee must have an understanding of the
risks the company faces, the company’s internal control system for identifying
and mitigating those risks. Risks that could affect the company:
 External Risk (Independent)
 1. Rapid Technological changes
 2. Downturns in the industry – The product that the company is selling may have
passed already its maturity stage and it is already its way down. The audit
committee should have clear picture of the “what if” scenario. Example is the
Nokia began as a textile company then went into electronics, and from
electronics migrated to wireless devices but they missed the next boat.
 3. Unrealistic earnings expectations by analysts – An audit committee is
expected not to be just composed and collected but also less aggressive when it
comes to expectations of business outcomes. They should reasonably know how
much meat within a cup of soup because this should be the real basis in putting
up plans for the company’s future.
 Operating/ Internal Risk
 Recurring organizational changes, turnover of key personnel are
some danger signs that the audit committee cannot afford to
neglect. It also includes the complexities of transactions, complex
organizational structure, swift growth, inappropriate
compensation, exposure to currency differences in foreign loan
 Information and Control Risk
 Lack of sincere management supervision and inappropriate
management override of existing controls, timeliness is
considered since information needs to be communicated early
enough to the stakeholder for these information to be useful.
 ETHICAL DUTIES OF CORPORATE CONTROLLER

 A corporate controller is responsible for providing investors,

lenders and other stakeholders with an accurate view of the firm’s
financial condition. Controllers ensure that accounting procedures are
in place and that internal controls are functioning properly. A controller
must consistently behave in an ethical manner in both private and
 Professional life to be credible. A personal lapse may shake public
confidence and the company.
 1. Professional Competence – The sensitive nature of accounting data, a
controller must meet minimum standards of professional
competence, must have an up to knowledge of industry development
and enrolling in a continuing classes. Controllers have an ethical duty
to disclose any professional limitations or deficiencies that may prevent
them from performing their job duties effectively.
 2. Due Care – Financial results may be misinterpreted if accounting standards
are in an improper or inconsistent manner. A controller must exercise due care
in the creation of financial statements and the reports that support them, The
American Institute of Certified Public Accountants defines due care as a “quest
for excellence”, controllers must strive to attain, failure to do so may result in
misstatements that could damage confidence in the firm.
3. Objectivity – In preparing the financial statement, the controller must be
objective.
Accounting regulations include hard and fast rules that are used to resent
results fairly. Any inconsistency with management directives, controllers may face
pressure to “cook the books” and present inaccurate financial results. Controller
must stand firm against challenges even at the risk of losing his job.
4. Integrity- Senior management should consider both the personal and
professional behavior of the candidates. A good controller understands this
responsibility and strives to behave in an exemplary manner at all times.
 Five Significant Role of a Controller
 1. General Accounting oversight
 2. Creating internal policies and control
 3. Coordinating external tax accountants
 4. Setting up bank accounts
 5. Ensuring payments is received from customers and other debtors
 Responsibilities of a Controller
 1. Preparing Financial Reports
 2. Analyzing Financial Data
 3. Monitoring Internal Controls
 4. Overseeing and preparing income statements
 5. Participating in budgeting process
 6. Managing financial transactions
 7. Streamlining accounting functions and operations
 8. Developing plans for financial growth
 The finance department of an enterprise is prone to the following unethical practices
  
 Overestimating promoters’ capital utilization
 Over budgeting project costs
 Purchasing capital equipments at a time when there is no requirement for it
 Selling the capital requirements in order to raise additional and uncollected
funds
 Overestimating promoters’ capital utilization
 Siphoning funds for the promoter’s personal benefit
 Investing unapproved funds in order to gain extra profits
 Claiming insurance cover for losses that never happened
 Overpricing the current assets in order to gain more working capital than
permitted
 Using working capital funds for personal gains
 The accounts department of an enterprise is prone to the following types of
unethical issues:
  
 Showing inflated salaries and getting receipts from employees for an amount
larger than what they actually get
 Paying inflated supplier bills in order to get discounts or commissions
 Paying overtime wages when there is no requirement for them
 Maintaining two sets of books, one for the management and the other for
the income tax
 Refusing to reject unacceptable raw materials when the supplier’s bills have
to be paid
 The following are unethical practices of the costing manager
 Reducing manufacturing costs by manipulating work hours
 Ignoring costs of reject
 Ignoring costs of rework
 Not accounting for man-hours lost due to strikes and absenteeism
 Not accounting for man-hours lost in maintenance work
 Not considering the work stoppages due to change in models;
 Ignoring the man-hours lost due to change in the manufacturing process;
 Not taking into accounts the benefits of economies of sales
 The following describe the unethical behavior of the auditing manager

 Ignoring major deviations from the budgets

 Rejecting the tender having lowest cost among all due to personal reasons
 Helping in hiding black money in order to reduce the tax payable amount
 Ignoring inflated travel bills of selected employees
 Accepting payments made by the directors for personal purchases as official
payments
 Enabling the directors in sending and receiving money from overseas through
unofficial channels
 Approving payments to suppliers without checking bills or deliverables
 The following are unethical practices in the banking industry

 Having undue access to customers’ account and taking advantage of the same and
tampering of the accounts
 Diverting bank funds by the bank staff
 Illegal transfer of funds
 Opening fictitious account
 Lending to fictitious borrowers
 Collaborating from with outsiders to defraud the bank
 Defrauding the investors and creditors by the bank top management who has the
confidential information and custodian of safety.