Internal Controls is a plan of organization, and the procedures and records concerned with the safeguarding of assets and the reliability of the financial records. An internal control system should be designed to meet a firm’s specific informational needs. Thus, the system can range, from a simple manual-system to complex computerized on-line system with remote terminals spread across the entire country. Whether manual or computerized, the accounting system must process information efficiently, accurately, and on a timely basis. At the heart of any well designed accounting system is a well-thought-out internal control system. One of the principal responsibilities of management is to protect the assets under its control, ensure the accuracy and reliability of its accounting records, and see that its policies are carried out. Internal control is the organizational plan, including specific methods and procedures, that management develops to meet these responsibilities. Specifically, Internal control is formally defined as: Administrative controls include the plan of organization and the procedures and records that are concerned with the decision processes leading to management’s authorization of transactions. That is, management uses administrative controls to ensure that its policies and procedures are carried out. Accounting controls are the plan of the organization and the procedures and records that are concerned with safeguarding the assets and the reliability of the financial records. These controls are more specific and are designed to ensure that: For a firm to have a sound system of internal control, both administrative and accounting controls must be present. The administrative controls provide the overall framework in which the specific accounting controls operate. If management is not interested in maintaining administrative controls, specific accounting controls can not ensure that the firm’s assets are being safeguarded. Internal controls are necessary because accounting systems are designed and run by people and people make errors. These errors may be either true mistakes or deliberate actions. There have been numerous instances in which large corporations have restated their financial reports because of inadvertent errors in the accounting records. Recently, a large personal computer company discovered that it had not accounted for millions of dollars of inventory. Poor record keeping rather than fraud appears to have been the reason. There are situations, however, in which individuals falsify accounting records to steal or embezzle. In the early 1980s, one individual stole huge sums of money from Wells Fargo Bank by daily making a simple accounting entry in the bank’s computer system. A strong internal control system is necessary to minimize these events and their associated losses. Recently, a strong impetus for internal controls resulted from payments that U.S. corporations made to foreign officials to obtain business. In many cases, these payments were considered legal in the foreign country, although many in the United States considered them a violation of good business ethics. Furthermore, many of the firms that made these questionable payments were large, decentralized multinational firms whose top executives did not even know about them. In its auditing guidelines, the AICPA stated that the system of internal control should be under the continuing supervision of management to determine that it is functioning as prescribed and is modified as appropriate for changes in condition. Congress, alarmed by the number of questionable payments to foreign officials, passed the Foreign Corrupt Practices Act. This act holds management accountable for developing and maintaining a strong Accounting internal control system that would prevent such payments. This act requires every publicly held corporation to maintain such a system of internal control. Furthermore, the act requires that the system of internal control limits the use of corporate assets to the purpose designated by management and that the accounting records be compared with the assets owned by the firm. The design of an internal control system and the procedures utilized should be tailored to the firm’s specific needs. However, a well-designed internal control system will center on a properly designed accounting system and include sound personnel and personnel practices and the separation of duties. A strong internal control system is difficult to implement without a well-designed accounting system. This accounting system should provide accounting controls over the firm’s assets, liabilities, revenues, and expenses. Whether the accounting system is manual or automated, it should provide for adequate management authorizations and internal checks and balances. The system is well documented with accounting manuals. Surprise checks should be made periodically to ensure that these procedures are being carried out and that the firm’s assets are being safeguarded. Any internal control system is dependent on the people who run it. Individuals should be placed in positions commensurate with their abilities. Good personnel policies include the rotation of people in key positions, the requirement that all employees take an annual vacation, and the bonding of individuals who handle cash or other liquid assets. Bonding means checking employees and insuring the company is against theft by them. Should be a clear separation of duties within the accounting function. That is, those individuals who have responsibility for and control over a particular asset should not also account for it. For example, the individual in the organization who handles cash receipts should not also handle accounts receivable or prepare the bank reconciliation. This makes it more difficult for one individual to steal the company’s assets. No system of accounting internal control can be completely foolproof. This is especially true if top management is trying to override the system. Even if possible, the costs of completely fool proofing the system would probably outweigh the benefits derived.Basic Principles of an Internal Control System
"The plan of organization and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed policies."
A strong internal control system will contain both administrative and accounting controls.
Necessity of Internal Controls
Because of these and other events, both the American Institute of CPAs (AICPA) and the U.S. Congress mandated the maintenance of a strong system of internal control.Attributes of a Strong Internal Control System
A Well-Designed Accounting System
Sound Personnel and Personnel Policies
Separation of Duties
Accounting/Internal Control System Limitations
However, a properly designed and executed system can eliminate many potential problems and offer management a reasonable assurance that its policies are being carried out and that the firm’s assets are being safeguarded.
Internal Controls FAQs
Internal controls are procedures, policies, processes, and organizational structures implemented by an entity to provide reasonable assurance that its objectives in the areas of financial reporting, operational efficiency, and compliance with laws and regulations will be achieved.
Internal controls are important because they protect an organization's assets from theft or misuse; ensure accuracy and reliability of data for financial reporting purposes; safeguard against fraud and errors; promote compliance with applicable laws and regulations; help prevent waste, abuse, mismanagement and unauthorized use of resources; enhance decision-making accuracy; and improve overall operations.
The purpose of internal control systems is to ensure the accuracy of financial information, safeguard assets, protect against fraud and theft, maintain compliance with laws and regulations, promote efficiency in operations, ensure the reliability of information, and facilitate the achievement of an entity's goals.
The components of an internal control system include establishing policies and procedures; designing controls to ensure those policies and procedures are followed; establishing communication channels between personnel responsible for implementing the controls; providing training on relevant policies and procedures; conducting risk assessments; monitoring performance through regular reviews or audits; and making appropriate adjustments as needed.
Management is ultimately responsible for maintaining effective internal controls. The board of directors should oversee the design and implementation of the system, while management is responsible for ensuring that controls are in place and operating effectively. Additionally, internal auditors may be employed to provide an independent evaluation of internal control systems.
True Tamplin is a published author, public speaker, CEO of UpDigital, and founder of Finance Strategists.
True is a Certified Educator in Personal Finance (CEPF®), author of The Handy Financial Ratios Guide, a member of the Society for Advancing Business Editing and Writing, contributes to his financial education site, Finance Strategists, and has spoken to various financial communities such as the CFA Institute, as well as university students like his Alma mater, Biola University, where he received a bachelor of science in business and data analytics.
To learn more about True, visit his personal website or view his author profiles on Amazon, Nasdaq and Forbes.