Internal control, in the context of accounting and auditing, refers to the procedures and processes put in place by a company to ensure the integrity of financial and accounting information, meet operational and strategic goals, and respond to an array of business risks.
Internal controls are designed to safeguard assets, produce reliable financial reports, ensure compliance with laws and regulations, and facilitate effective and efficient operations. They are also intended to prevent and detect fraud.
Internal control systems are influenced by the board of directors, management, and other personnel and are designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations: Controls are put in place to ensure that the company’s operations are managed effectively and efficiently, and that resources are adequately safeguarded.
- Reliability of financial reporting: Controls are used to ensure that all financial reporting is accurate and reliable, facilitating sound decision-making.
- Compliance with laws and regulations: Controls help ensure that the business is compliant with all relevant laws, regulations, and standards, thus avoiding penalties and reputational damage.
There are several types of internal control, including:
- Preventive controls: Designed to discourage errors or irregularities from happening (e.g., segregation of duties, approvals, and reconciliations).
- Detective controls: Designed to identify an error or irregularity after it has occurred (e.g., surprise cash counts, inventory counts, and audits).
- Corrective controls: Designed to correct identified errors or irregularities (e.g., backup copies of files, insurance policies, and disaster recovery plans).
The internal control system’s effectiveness can be evaluated through ongoing monitoring, periodic reviews, and audits. However, it’s important to note that no internal control system can offer absolute assurance due to inherent limitations, such as the potential for human error or circumvention by collusion.
Example of Internal Control
Let’s consider a hypothetical retail business “FastFashions Inc.” to illustrate some examples of internal controls:
- Preventive Controls:
- Segregation of Duties: At FastFashions, the cashier who collects cash from customers is not the same person who records these transactions in the company’s financial system. This division of responsibilities reduces the risk of fraud or theft.
- Approvals: All refunds to customers that exceed a certain amount must be approved by a store manager. This policy helps prevent fraudulent refunds.
- Detective Controls:
- Regular Inventory Counts: Periodic physical counts of inventory are performed and compared to the inventory records in the company’s financial system. This helps to detect any discrepancies, which might indicate theft, loss, or record-keeping errors.
- Reconciliation of Bank Statements: The company’s bank statements are regularly reconciled with the company’s cash account records. This helps to detect any errors or irregularities in cash handling or recording.
- Corrective Controls:
- Backup Copies of Files: FastFashions maintains backup copies of all its financial records. In case of a data loss event, these backups can be used to restore lost information.
- Insurance Policies: FastFashions maintains insurance coverage for various risks, including theft and property damage. If a loss is detected, the insurance can help to mitigate the financial impact.
- Other Controls:
- Training and Supervision: FastFashions provides regular training to its employees on policies and procedures, such as handling customer payments and managing inventory. Employees are also supervised to ensure that they are following correct procedures.
Through these and other internal controls, FastFashions works to ensure the integrity of its financial information, protect its assets, and operate effectively and efficiently.