of Internal Controls
controls are key processes and actions introduced by management into an
organization to ensure that objectives and goals are ultimately met. These
controls are designed to (1) conduct business in an effective and efficient
manner, (2) safeguard the company’s assets and resources, (3) prevent and
detect fraud and error, (4) ensure accuracy, completeness and integrity of accounting
data, (5) produce reliable and timely financial and management information, and
(6) ensure adherence to regulation, policies and procedures.
of Internal Controls
A system of internal control represents the
attitude of an organisation to ensure that sound management practices are
implemented to achieve the objectives of the organization. Internal controls
provide reasonable assurance to stakeholders (e.g. customers, investors) that
transactions are recorded completely, timely and in an effective and efficient
of the Internal Auditor in Internal Controls
Audit is an independent and unbiased activity, and consequently they hold a
neutral position within an organization. It is managements’ role to design and implement appropriate
systems of internal control to identify and mitigate risks effectively and
efficiently. Internal audit’s role is to evaluate the adequacy and
effectiveness of those systems and processes across the organization (Ultimately,
the role of internal audit is to provide independent assurance to the board and
executives on whether the internal controls are working as intended and whether
there is adequate and effective governance and risk management processes.
and Examples of Internal Controls
designed to prevent errors, inaccuracy or fraud before it occurs. They are
built into internal control systems in the initial design and implementation
stages. Examples of preventive controls are:
of Duties: Duties are segregated among different people to reduce the risk
of error or inappropriate action (like recording, approval and custody
control over assets for protection – like locks on stock warehouses
passwords to restrict access to confidential data
documents with sensitive information
These are designed
to find irregularities in transactions after they have occurred. Examples of
detective controls are:
Bank reconciliations (i.e. cash per
the bank account is reconciled to the cash per the company’s books).
A security camera to detect
Exception reports which list out of
Physical stock counts (i.e. stock is
physically counted and then compared to the inventory ledger)
Petty cash counts
c. Corrective controls
These are designed to fix errors that have occurred. Coupled with detective
controls that identify an anomaly, corrective controls are activated to see
what should be done to fix an error, and hopefully design a new control to
prevent recurrence of the error. Examples of Corrective controls are:
backups can be used to restore lost data in case of a fire or other disaster
is used to help replace damaged or stolen assets
Management accounting reports can highlight
variances from budget to actual for management corrective action
Enhanced training and awareness can be provided to
prevent future errors and irregularities
actions taken to encourage the right behaviour so that a desirable event can occur.
They are generally of a guidance nature to employees and are broad in nature.
Examples of Directive Controls are:
and procedures – sets compliance standards within the company to adhere to when
regulations enforce a company to adhere to certain standards that govern
ethical behaviour and good corporate governance.
(provides ongoing guidance to employees on performing a task)
descriptions (e.g. sets roles and responsibilities with performance
expectations for employees)
(e.g. a morning meeting in a factory to discuss expectations and output for the
must conduct and effective risk management process to proactively identify the
potential factors that may stop an organization from achieving its objectives
and to build mitigating controls to manage the associated exposure to risks. Risk
management is made up of two parts – one is the likelihood of something going
wrong and the other is dealing with the negative consequence that arises when a
risk manifests. It is managements’ responsibility to identify those risk
factors that may cause exposure to the organisation.
analysis represents the process that helps management identify and manage internal
and external problems that could undermine the achievement of key business
initiatives or projects. To perform a risk analysis, one must first identify
the possible threats (like financial loss, loss of people, operational
disruption, reputational issues etc.) that the company faces, and then estimate the
likelihood that these threats will materialize and prepare adequate responses
to mitigate the risk. Risk analysis is useful in many situations:
and safety management
recovery and business continuity planning
to changes in regulations
management and overall sustainability
Internal Controls recommended for Inventory
common systems for managing the financial transactions of stock are the
periodic and perpetual systems. Periodic inventory systems update the
accounting ledger once a month or quarterly. A more efficient system is the
perpetual inventory system, which updates inventory after each purchase, sale
and adjustment. Inventory systems equips management with a better idea of
inventory cost and its effects on the balance sheet, which is an important part
of internal controls.
the inventory is a basic inventory internal control – this can be done by numbering
all locations, tag each inventory item, and track these items by location. Most
organisations use an identification system like barcodes to tag each
item so that it can be tracked.
inventory including scrap which states the part number, description, unit of
measure, and quantity.
Goods Ordering and Receiving
incoming inventory to match the quantity stated on the delivery note is correct.
Count the inventory before recording it as being received. This keeps errors
from being introduced into the inventory records.
incoming inventory to verify accuracy of goods received as well as look for any
damages. Damaged goods should be
returned, and the accounts payable staff notified by documents that the
returned items should not be paid for.
duties like ordering and payment process amongst multiple employees is also
important to avoid theft of stock.
Storage and Security
warehouses and distribution centres must be under lock and key with only
authorised personnel having access.
deliveries from suppliers must be counted and tagged before they go into
inventory so that discrepancies between deliveries and purchase orders are
counts of sections of inventory must be conducted to pick up any discrepancies and to investigate
and correct any errors found. This gradually improves the inventory record
for employees is also key in the warehouse – storage space must be adequate and
safe to accommodate pallets and forklifts and to avoid injury or damage.
item is removed from the warehouse, companies must have a standard procedure
for recording the picks as soon as they leave the warehouse.
person removing the inventory must sign for the removal, so that there is a
record of who is responsible should the item go amiss.
Review obsolete stock
periodic obsolete inventory review. The warehouse can fill up with obsolete
inventory that cannot be used, which causes high storage costs and can disrupt
the production process. Analyse inventory records to determine which items
should be sold off or otherwise eliminated.
audits of bills of materials, negative balances in inventory and obsolete stock
will assist in providing assurance that the above controls are working as
Internal Controls recommended for Cash
Safeguarding assets – Companies must protect the
physical cash and the people handling the cash
access shall be restricted to authorized personnel.
and passwords should be given to as few people as is necessary.
and passwords should be changed periodically, at least annually, or when
someone leaves the department.
the proper background checks on prospective cash handlers.
cash in a secure location like a safe or locked storage facility.
the amount of funds held overnight.
a buddy system when taking funds from one location to another.
cash discretely, not easily visible to others.
Segregation of duties – The following cash handling duties
should be performed by multiple people so that no one person has control over
the entire cash handling process. Separating the cash handling duties among
different people will reduce errors, minimize fraudulent activity and increase
the chance of detecting errors.
cash amounts for petty cash floats
bank deposit slip, (preparer and reviewer)
the physical deposit at the bank
cash receipts to daily sales reports
and remediate discrepancies noted from reviews and reconciliations.
Accountability – Cash accountability ensures that cash
transactions are authorized, properly accounted for, documented and
identifiable to specific cash handlers
This will help determine:
Who has access to cash
Why they have access to cash
Where cash is at all times
What has occurred from the transaction’s
beginning to end
Cash accountability controls are to
Record cash receipts when received.
Keep funds secure at all time.
Document transfers used when cash is moved.
Don’t share passwords.
Cash handling staff must have own storage
Supervisors verify cash deposits and approve
Reconciliations – In order to ensure all
transactions have been recorded correctly, (completely and accurately), several
reconciliations should occur on a timely basis.
receipts to deposit records.
cash receipts when received.
and balance cash receipts daily.
periodic surprise cash counts.
Finance Department is responsible for preparing and approving monthly bank
reconciliations and reviewing outstanding deposits to ensure timely clearing
Monitoring – regularly review processes to tighten
controls, train staff, and investigate unusual activity. The following reviews
should be done on a regular basis:
cash shortages and investigate discrepancies
sales forecasts and budgets to actual sales and investigate variances (and
margins where applicable)
cash receipts ledger for unusual items or unapproved changes
and approve returns, refunds and void transaction logs
system security access
and monitor new staff and provide continual training to existing staff on a
regular basis, i.e. at least annually
customer statements on a regular basis
Internal Controls recommended for Tangible Assets
Policies and Procedures
o Policies and procedures for acquisitions, transfers
and disposals of fixed assets should be established. Fixed assets’ useful
lives should be clearly defined and be consistent with the company’s fixed
o An up-to-date Fixed Assets Register must be maintained
showing the following:
– Cost of asset
– Asset useful life or depreciation rate
– Current and accumulated depreciation rate
– Net book value
o As far as possible all tangible fixed assets should
be tagged to permit easy identification.
o Accuracy of the register should be verified through
periodic physical fixed assets counts and confirmations with custodians.
o All adjustments to the Fixed Assets Register should be
authorised by the Finance Manager/Accountant after sufficient investigation.
o Land, buildings should be revalued by an independent
o There should be adequate insurance coverage policy
for fixed assets.
Fixed Assets Movements
o All fixed asset movements should be approved in
accordance with the authority limits
and a fixed asset transfer form must be completed and acknowledged by
the receiving department for all permanent transfer of fixed assets.
o Additions to fixed assets should be approved in
accordance with the authority limits.
o Fixed assets disposals should be authorised in
accordance with the authority limits.
o Fixed Assets Register should be reconciled to the
GL on a monthly basis.
o There should be segregation of responsibilities
between the following functions:
authorities for fixed assets movement
of fixed assets account
o Physical fixed assets at all locations should be
counted and checked against book records at least annually.
o Differences between fixed assets counts and book
records should be investigated thoroughly before adjustments are approved and
made to the books.
of Authority (DOA)
o Appropriate delegation of authority must exist for
fixed assets management and it must cover acquisitions, transfers and disposals
as well as fixed assets write off
Internal Controls recommended for Debtors
business should have adequate policies and procedures on credit and collection procedures,
to ensure that all staff understand the accounts receivable process.
Segregation of Duties
o Different people must deal with invoicing, accounts
receivable, cash collection, and the review and reconciliation of accounting
Invoice Generation to Customer
o Check purchase order prices, terms, and conditions.
o Check authorization levels for order approval.
o Check the credit rating, limits and address of the
o Prepare the sales order with details per the
purchase order and stamp the sales order as approved.
o Check the accuracy of invoice calculations.
o Independently review customer complaints about
o Separate the invoicing function from the cash
o Reconcile the goods dispatched to the customer to
the quantities shown on the sales invoice.
Sales Journal and Accounts Receivable ledger
o Post the sales journal from a copy invoice as soon as the
transaction occurs, and file the invoices by invoice number
o Use the sales journal totals to post the accounts receivable control
the general ledger.
o Separate the accounts receivable function and cash
o Carry out random spot checks on customer trading
activity and check for signs of unusual activity.
o Review credit balances on accounts receivable
o Produce an aged accounts receivable report and
review the balances, particularly on large and overdue accounts.
o Have a strict credit control procedure for
collecting outstanding accounts receivable.
o Review all journal entries made to the accounts
receivable ledger accounts for appropriateness and approvals.
o Check cash settlements discounts given to
customers. Approval limits must be in place.
o Reconcile the accounts receivable ledger with the
accounts receivable control account in the general ledger.
o Review delinquent accounts and ensure that they are
precluded from receiving additional credit