Internal Controls are broadly defined as a process, affected by an organization’s structure, work and authority flows, people and management information systems, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

1. Effectiveness and efficiency of operations
2. Reliability of financial reporting; and
3. Compliance with laws and regulations.

The overall attitude to internal controls and their importance in the business creates an environment or culture within the organization.

Internal Control Objectives are achieved by implementing effective Control Procedures. Control procedures are the policies and procedures that have been put in place to ensure that the managers can take the correct action to ensure the achievement of objectives.

The Control Procedures explain the how, why, what, where and when for any set of actions.

Many procedures are very detailed but forget to tell the reader why they are needed. Remember that internal controls are a process – only a means to an end – not the end in itself.

Why should an organization have internal controls?

Internal controls filter through the whole organization to:

• Help align objectives of the business
• Safeguard its assets – ensuring the business’s physical and monetary assets are protected from fraud, theft and errors.
• Prevent and detect fraud and error – ensuring the systems quickly identify errors and fraud if and when they occur
• Encourage good management – allowing the manager to receive timely and relevant information on performance against targets, as well as key figures that can indicate variances from the target.
• Allow action to be taken against undesirable performance
• Reduce exposure to risks by minimizing the chance of unexpected events.
• Ensuring proper financial reporting – maintaining accurate and complete reports required by legislation and management, and minimizing time lost in correcting errors and ensuring resources are correctly and efficiently allocated.

Each internal control procedure is designed to fulfill at least one of these eight criteria:

• Completeness – that all records and transactions are included in the reports of business.
• Accuracy – the right amounts are recorded in the correct accounts.
• Authorization – the correct levels of authorization are in place to cover such things as approval, payments, data entry and computer access.
• Validity – that the invoice is for work performed or products received and the business has incurred the liability properly.
• Existence – of assets and liabilities. Has a purchase been recorded for goods or services that have not yet been received? Do all assets on the books actually exist? Is there correct documentation to support the item?
• Handling errors – that errors in the system have been identified and processed.
• Segregation of duties – to ensure certain functions are kept separate. For example, the person taking cash receipts does not also do the banking.
• Presentation and disclosure – timely preparation of financial reports in conformity with applicable Accounting Standards

All internal controls, whether administrative or accounting, are linked to a financial consequence. For example, keeping records for long service leave entitlements is an administrative control but it does ultimately have a financial consequence.

Consequences of poor internal controls

Some of the many consequences of having poor internal controls are:

• Fraud
• Bad decisions for the business
• Wrong decisions made by people ill-equipped to deal with a situation
• Not taking appropriate action in time to correct errors
• Not allocating resources of the business correctly or most efficiently
• Time is spent fixing problems that could have been avoided.

This post previously appeared at https://bit.ly/2O3gJRE