What Are Internal Controls?
Internal Controls is a Plan of organization, and the procedures and records concerned with the safeguarding of assets and the reliability of the financial records.
Basic Principles of an Internal Control System
An internal control system should be designed to meet a firm’s specific informational needs. Thus, the system can range, from a simple manual-system to complex computerized on-line system with remote terminals spread across the entire country. Whether manual or computerized, the accounting system must process information efficiently, accurately, and on a timely basis. At the heart of any well designed accounting system is a well-thought-out internal control system.
One of the principal responsibilities of management is to protect the assets under its control. ensure the accuracy and reliability of its accounting records, and see that its policies are carried out. Internal control is the organizational plan, including specific methods and procedures, that management develops to meet these responsibilities. Specifically, Internal control is formally defined as:
the plan of organization and all of the coordinate methods and measures adopted
within a business to safeguard its assets, check the accuracy and reliability of its
accounting data, promote operational efficiency, and encourage adherence to prescribed policies.
A strong internal control system will contain both administrative and accounting controls.
Administrative controls include the plan of organization and the procedures and records that are concerned with the decision processes leading to management’s authorization of transactions. That is, management uses administrative controls to ensure that its policies and procedures are carried out.
Accounting controls are the plan of organization and the procedures and records that are concerned with safeguarding the assets and the reliability of the financial records, These controls are more specific and are designed to ensure that:
- Transactions are executed in accordance with management’s general or specific authorization.
- Transactions are recorded as necessary (1) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements and (2) to maintain accountability for assets.
- Access to assets is permitted only in accordance with management’s authorization.
- The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
In order for a firm to have a sound system of internal control, both administrative and accounting controls must be present. The administrative controls provide the overall framework in which the specific accounting controls operate. If management is not interested in maintaining administrative controls, specific accounting controls can not ensure that the firm’s assets are being safeguarded.
Necessity of Internal Controls
Internal controls are necessary because accounting systems are designed and run by people and people make errors. These errors may be either true mistakes or deliberate actions. There have been numerous instances in which large corporations have restated their financial reports because of inadvertent errors in the accounting records.
Recently, a large personal computer company discovered that it had not accounted for millions of dollars of inventory. Poor record keeping rather than fraud appears to have been the reason.
There are situations, however, in which individuals falsify accounting records in order to steal or embezzle. In the early 1980s, one individual stole huge sums of money from Wells Fargo Bank by daily making a simple accounting entry in the bank’s computer system. A strong internal control system is necessary to minimize these events and their associated losses.
Recently, a strong impetus for internal controls resulted from payments that U.S. corporations made to foreign officials to obtain business. In many cases these payments were considered legal in the foreign country, although many in the United States considered them a violation of good business ethics. Furthermore, many of the firms that made these questionable payments were large, decentralized multinational firms whose top executives did not even know about them.
Because of these and other events, both the American Institute of CPAs (AICPA) and the U.S. Congress mandated the maintenance of a strong system of internal control. In its auditing guidelines, the AICPA stated that the system of internal control should be under the continuing supervision of management to determine that it is functioning as prescribed and is modified as appropriate for changes in condition.
Congress, alarmed by the number of questionable payments to foreign officials, passed the Foreign Corrupt Practices Act. This act holds management accountable for developing and maintaining a strong Accounting internal control system that would prevent such payments. This act requires every publicly held corporation to maintain such a system of internal control. Furthermore, the act requires that the system of internal control limit the use of corporate assets to the purpose designated by management and that the accounting records be compared with the assets owned by the firm.
Attributes of a Strong Internal Control System
The design of an internal control system and the procedures utilized should be tailored to the firm’s specific needs. However, a well.designed internal control system will center on a properly designed accounting system and include sound personnel and personnel practices and the separation of duties.
A Well-Designed Accounting System
A strong internal control system is difficult to implement without a well-designed accounting system. This accounting system should provide accounting controls over the firm’s assets, liabilities, revenues, and expenses. Whether the accounting system is manual or automated, it should provide for adequate management authorizations and internal checks and balances. The system be well documented with accounting manuals. Surprise checks should be made periodically to ensure that these procedures are being carried out and that the firm’s assets are being safeguarded.
Sound Personnel and Personnel Policies
Any internal control system is dependent on the people who run it. Individuals should be placed in positions commensurate with their abilities. Good personnel policies include the rotation of people in key positions, the requirement that all employees take an annual vacation, and the bonding of individuals who handle cash or other liquid assets. Bonding means checking employees and insuring the company against theft by them.
Separation of Duties
should be a clear separation of duties within the accounting function. That is, those individuals who have responsibility for and control over a particular asset should not also account for it. For example, the individual in the organization who handles cash receipts should not also handle accounts receivable or prepare the bank reconciliation. This makes it more difficult for one individual to steal the company’s assets.
Accounting/Internal Control System Limitations
No system of accounting internal control can be completely foolproof. This is especially true if top management is trying to override the system. Even if possible, the costs of completely fool proofing the system would probably outweigh the benefits derived. However, a properly designed and executed system can eliminate many potential problems and offer management a reasonable assurance that its policies are being carried out and that the firm’s assets are being safeguarded.
About the Author
True Tamplin, BSc, CEPF®
True Tamplin is a published author, public speaker, CEO of UpDigital, and founder of Finance Strategists.
True contributes to his own finance dictionary, Finance Strategists, and has spoken to various financial communities such as the CFA Institute, as well as university students like his Alma mater, Biola University, where he received a bachelor of science in business and data analytics.