STUDY NOTE 2 – Internal Control
Internal controls summary
Internal control is a process, effected by an
entity’s board of directors, management,
and other personnel, designed to provide
reasonable assurance:
 That information is reliable, accurate
and timely
 Of compliance with applicable laws,
regulations, contracts, policies, and
procedures
 Of the reliability of financial reporting
Internal controls are intended to prevent
errors and irregularities, identify problems,
and ensure that corrective action is taken. In
many cases, process owners within your
department perform controls and interact
with the control structure on a daily basis,
sometimes without even realizing it because
controls are built into operations.
Control definition reflects certain
fundamental concepts:
 Internal control is a process. It is a
means to an end, not an end in itself.
 Internal control is affected by people.
It is not merely policy manuals and
forms, but also people at every level
of an organization.
 Internal control can be expected to
provide only reasonable, not
absolute, assurance to an entity’s
management and board.
Internal controls are established to further
strengthen:
 The reliability and integrity of
information
 Compliance with policies, plans,
procedures, laws and regulations
 The safeguarding of assets
 The economical and efficient use of
resources
 The accomplishment of established
objectives and goals for operations
or programs
8/27/21
Understanding Internal Controls
Internal controls have become a key
business function for every U.S. company
since the accounting scandals in the early
2000s. In their wake, the Sarbanes-Oxley
Act of 2002 was enacted to protect investors
from fraudulent accounting activities and
improve the accuracy and reliability of
corporate disclosures. This has had a
profound effect on corporate governance, by
making managers responsible for financial
reporting and creating an audit trail.
Managers found guilty of not properly
establishing and managing internal controls
face serious criminal penalties.
The auditor’s opinion that accompanies
financial statements is based on an audit of
the procedures and records used to produce
them. As part of an audit, external auditors
will test a company’s accounting processes
and internal controls and provide an opinion
as to their effectiveness.
Internal audits evaluate a company’s
internal controls, including its corporate
governance and accounting processes.
They ensure compliance with laws and
regulations and accurate and timely
financial reporting and data collection, as
well as helping to maintain operational
efficiency by identifying problems and
correcting lapses before they are discovered
in an external audit. Internal audits play a
critical role in a company’s operations and
corporate governance, now that the
Sarbanes-Oxley Act of 2002 has made
managers legally responsible for the
accuracy of its financial statements.
No two systems of internal controls are
identical, but many core philosophies
regarding financial integrity and accounting
practices have become standard
management practices. While internal
controls can be expensive, properly
implemented internal controls can help
streamline operations and increase
STUDY NOTE 2 – Internal Control
operational efficiency, in addition to
preventing fraud.
Regardless of the policies and procedures
established by an organization, only
reasonable assurance may be provided that
internal controls are effective and financial
information is correct. The effectiveness of
internal controls is limited by human
judgment. A business will often give high-
level personnel the ability to override
internal controls for operational efficiency
reasons, and internal controls can be
circumvented through collusion.
Internal control types
Different risks and environments require
different controls. The control types
described below can be used in combination
to mitigate risks to the organization.
Preventive and detection controls
 Preventive controls attempt to deter
or stop an unwanted outcome before
it happens. Examples include use of
passwords, approval, policies and
procedures.
 Detection controls attempt to
uncover errors or irregularities that
may already have occurred.
Examples include reconciliations,
monitoring of actual expenses vs.
budget, prior periods and forecasts.
Hard vs. soft controls
 Hard controls are formal and
tangible. Examples include
organizational structure, policies,
procedures and segregation of
duties
 Soft controls are informal and
intangible. Examples include tone at
the top, ethical climate integrity, trust
and competence
8/27/21
Manual vs. automated controls
 Manual controls are manually
performed, either solely manual or
IT-dependent, where a system-
generated report is used to test a
particular control.
 Automated controls are performed
entirely by the computer system.
Key vs. secondary controls
 Key controls are those that must
operate effectively to reduce the risk
to an acceptable level.
 Secondary controls are those that
help the process run smoothly but
are not essential.
To identify the correct control(s) to
implement, you must know what risks are
present. To know what risks are present,
you need to understand what objectives are
being sought. Therefore, Objectives →
Risks→ Controls.
Examples of Internal Controls
Segregation of Duties
When work duties are divided or segregated
among different people to reduce the risk of
error or inappropriate actions.
Physical Controls
When equipment, inventories, securities,
cash and other assets are secured
physically. This can occur through the use
of locks, safes, or other environmental
controls. Access is restricted to those with
authority to handle them.
Reconciliations
Comparisons are made between similar
records maintained by different people to
verify transaction details are accurate and
that all transactions are properly recorded.
Specific examples would include:
STUDY NOTE 2 – Internal Control
Performing a reconciliation from bank
statements to check register/records.
Balancing/reconciling cash on hand to sales
or transaction activity on the cash register
totals.
Policies and Procedures
Established policies, procedures, and
documentation that provide guidance and
training to ensure consistent performance at
a required level of quality. These should be
available at all levels of the organization.
Departmental and University/Organization
wide.
Transaction and Activity Reviews
Management reviews of transaction,
operating, and summary reports help to
monitor performance against goals and
objectives, spot problems, identify trends,
etc. Specific examples include: Monthly
review of budget statements to actual
expenses. Review of telecommunication
call activity reports for personal or non-
business related phone calls. Review of
timecards and overtime hours by
employees.
Information Processing Controls
When data is processed, a variety of
internal controls are performed to check the
accuracy, completeness, and authorization
of transactions. Data entered is subject to
edit checks or matching to approved control
files or totals. Numerical sequences of
transactions are accounted for, and file
totals are controlled and reconciled with
prior balances and control accounts.
Development of new systems and changes
to existing ones are controlled, as is access
to data, files and programs.
Limitations of Internal Control
Following are the inherent limitations of
Internal Control −
8/27/21
 Management decision to choose
cost effective control system may
reduce the effectiveness of internal
control system.
 There are chances of misuse by a
person of authority who is operating
on internal control system.
 Objectives of internal control
systems may be defeated by
manipulation of management.
 Since internal control system is
involved in routine transactions,
irregular transactions may be
overlooked.
 Changes in conditions may affect the
effectiveness of internal control
system.
Scope of Internal Control
Following are the main areas which are
generally covered by a good internal control
system −
 Cash − Here, internal control is
applied over payments and receipts
of an organization. This is to
safeguard from misappropriation of
cash.
 Control over Sale and Purchase −
With proper and efficient control
system for transactions regarding
purchase and sale of material,
handling of material and accounting
for the same is must.
 Financial Control − It deals with the
efficient system of accounting,
recording and supervision.
 Employee’s Remuneration − Internal
control system is applied to
preparation and maintenance of
records of employees and the
payment methods also. It is also
necessary to safeguard against
misappropriation of cash.
 Capital Expenditure − Internal
control system ensures the proper
STUDY NOTE 2 – Internal Control 8/27/21

sanction of capital expenditure and  Internal audits play a critical role in a

also the use of it for the purpose company’s internal controls and
intended. corporate governance, now that the
 Inventory Control − It covers the Sarbanes-Oxley Act of 2002 has
proper handling of inventory, made managers legally responsible
minimization of slow moving items or for the accuracy of its financial
dead stock, proper valuation of statements.
stock, recording of it, etc.
 Control over Investments − internal REFERENCES:
control system is applied to the
proper recording of transactions be it  https://www.investopedia.com/terms/
purchases, additions, sale or i/internalcontrols.asp
redemption, income on investments,  https://audit.ucsf.edu/internal-
profit or loss on investment. controls
 http://www.wiu.edu/internal_auditing/
Internal Control and Auditor internal_controls/
 https://www.tutorialspoint.com/auditi
An Auditor should ensure that certain rules ng/auditing_internal_control.htm
and procedures are followed by the
business unit he is working on, in spite of
the fact that a sound system of internal
control is as sole responsibility of the
management. The Auditor can simply guide
or help the management if he is asked to do
so, because he has no authority to prescribe
such rules and procedures. The degree of
reliance on the system depends upon the
effectiveness of internal control system;
therefore, the Auditor should review and
evaluate the internal control system of an
organization to prepare his audit Program.

KEY TAKEAWAYS
 Internal controls are the
mechanisms, rules, and procedures
implemented by a company to
ensure the integrity of financial and
accounting information, promote
accountability and prevent fraud.
 Besides complying with laws and
regulations, and preventing
employees from stealing assets or
committing fraud, internal controls
can help improve operational
efficiency by improving the accuracy
and timeliness of financial reporting.