Internal Control
Shish Haider Chowdhury
Director, FAPAD
Cell: 018 19225594
�Definition
Internal control refers to the whole system of
control in undertaking operational activities
which includes internal check, internal audit
and any other form of control.
�Definition
In accounting and auditing, internal control is defined
as a process effected by an organization's structure,
work and authority flows, people and management
information systems, designed to help the
organization accomplish specific goals or objectives.
It is a means by which an organization's resources
are directed, monitored, and measured. It plays an
important role in preventing and detecting fraud and
protecting the organization's resources.
�Internal control process
�Internal control process
�Is it internal control?
�Is it internal control?
�What about this?
�Why internal control?
Promote operational efficiency and
effectiveness
Provide reliable financial information
Safeguard assets and records
Encourage adherence to prescribed policies
Comply with regulatory agencies
�Basic Concepts of Internal Controls
Management, not auditors, must establish and
maintain the entitys controls
Internal controls structure should provide reasonable
assurance that financial reports are correctly stated
No system can be regarded as completely effective
Should be applied to manual and computerized
systems
�Value of Internal Controls
Transactions are:
valid
property authorized
Recorded
properly valued
Properly classified
Timely
Reconciled to subsidiary records
�Control Environment Consists of:
Management philosophy and operating style
Organization structure
Tone at the top
Separation of duties
Fiscal officer reporting lines
Assignment of authority and responsibility
Does everyone understand their role?
Responsibility without authority
�Control Environment Consists of:
Competent, knowledgeable personnel
Communication and information systems
Internal audit function
Personnel policies and procedures
Training and development
Either in-source or outsource
External influences
Compliance
External auditors
�Internal Control Procedures
Personnel
Proper procedures for authorization
Adequate separation of duties
Adequate documents and records
Physical control over assets and records
Independent checks on performances
�Other Elements to Remember
Consistency of policy compliance
Coordination in a decentralized environment
Completeness and relevancy of policies
Issue escalation and resolution process
Accountability
Flow of financial information
�Key Concepts to Retain
Internal control is a process. It is a means to
an end, not an end itself.
Internal control is affected by people. It is not
just manuals and policies, but the people at
all levels of the organization.
Internal control can be expected to provide
reasonable assurance, not absolute
assurance, to an entities management or
board.
�Want some examples?
�Think about what YOU do
You lock your home and your vehicle.
You keep your ATM/debit card pin number
separate from your card.
You review bills and credit card statements
before paying them.
You dont leave blank checks or cash just lying
around.
You expect your children to ask permission
before they can do certain things.
�Internal controls are meant to:
Protect assets
Ensure records are accurate
Promote operational efficiency
Encourage adherence to policies, rules,
regulations, and laws.
�Internal controls are usually
PREVENTIVE or DETECTIVE
Preventive - lets stop an
unwanted outcome before it
happens.
Detective - lets find the
problem before it grows.
�Goals of an internal control system
621
Resources are safeguarded
Policies of management are
followed
Designed to prevent errors
and fraud
�Elements of Internal Control
Separation of duties
Quality of employees
Bonded employees
Periods of absence
Procedures manual
Clear lines of authority &
responsibility
Pre-numbered documents
Physical control over assets
Performance evaluations
�Separation of duties
623
Whenever possible, the
functions of
authorization, recording
and custody should be
exercised by separate
individuals.
This minimizes the
likelihood of errors and
embezzlement.
�Quality of employees
Hire and keep employees
that are:
Competent
Honest
Trained to do a variety of
tasks.
624
�Bonded Employees
625
A Fidelity Bond is insurance
coverage to protect the
employer if an employee is
dishonest (embezzles).
�Periods of Absence
Require vacations and rotate
employees
626
Illegal activities are often
uncovered when someone
else performs the offenders
duties for a few days.
�Procedures Manual
Provide Procedures Manuals
detailing the correct
procedures for processing
transactions.
627
These procedures should be
designed to promote accuracy
and internal control.
�Clear lines of authority & responsibility
Organization Chart
628
Make sure employees
understand the extent of
their authority and
responsibilities.
Define and
communicate the
appropriate chain of
command.
�Pre-numbered documents
629
Reduces the likelihood
of unauthorized
transactions.
Reduces the likelihood
of embezzlements.
Be sure to account for
the sequence of
documents periodically
�Physical control over assets
630
Safeguard all assets-cash, equipment,
inventory, etc.
Be sure to keep all
records and supporting
documents in a fireproof
safe.
�Performance Evaluations
631
Independent verification
of performance.
Includes such things as
an external audit by
SAI, the internal audit
function, count of
inventory, etc.
Good job!
�Internal Control in Computer Systems
Basic internal controls apply to
both manual and computerized
systems.
Some controls are specific to
computerized systems.
632
Tests of reasonableness
Audit around the computer
Proper documentation and
system (both program and data)
backup are essential.
Significant technical
expertise may be needed.
�Controlling CASH
633
Cash has universal appeal and
ownership is difficult to prove.
Both cash receipts and cash
payments should be recorded
immediately when received and
made.
Checks should be pre-numbered
and kept secure.
�Accounting for Cash
Reconciling the Bank Statement
An important part of internal control
Need for calculating a true cash balance
Two sections to be reconciled
balance per bank
balance per books
If there are any mistakes or transactions that
have not been recorded in the companys books,
adjusting journal entries will be needed.
�Internal Audit Perspective
Effectiveness of Internal Controls related to operations and financial
statement reliance
- Whether or not your organization is audited by any external party
and/or has an internal audit function, as an ICO or coordinator, you
are responsible for:
1. Establishing the system of internal control
2. Establishing the system of internal control review
3. Making management guidelines and policies
available to all employees
4. Implementing education and training about internal
control
5. Performing internal control evaluations and
assisting in the improvement of the effectiveness of
the internal control program
�Differences between Internal
Control and Internal Audit
Internal controls and program development
are the responsibility of agency
management.
IAs goal, while concerned with accounting
rule compliance, has a much larger scope
including functional and operational
effectiveness and compliance with
applicable laws and regulations. The
objectives of the internal auditor should be
aligned with the strategic objectives of the
company.
�Differences
Management is responsible for self
monitoring and identifying and mitigating
risks. Internal Audit evaluates managements
IC program.
IA is responsible to the Audit Committee of
the Board of Directors.
IA activities are not a control it is an
evaluation over the effectiveness of the IC
program.
�Differences
EA is responsible to financial statement users and
the Audit Committee of the Board of Directors.
IA staff and ICO are employed by an organization;
EA firms are not employed by the organization
they audit.
EAs goal is to verify that a company they audit
complies with accounting standards. Auditing is
not a control.
Report distribution differs.
Materiality thresholds differ.
ICO is prospective; IA and EA are retrospective.
