Embed Size (px)
Citation preview
Introduction
Internal control
In accounting and auditing, internal control is defined as a process affected by an organization's
structure, work and authority flows, people and management information systems, designed to
help the organization accomplish specific goals or objectives.[1] It is a means by which an
organization's resources are directed, monitored, and measured. It plays an important role in
detecting and preventing fraud and protecting the organization's resources, both physical (e.g.,
machinery and property) and intangible (e.g., reputation or intellectual property such as
trademarks
Roles in Internal Controls
Establish the “tone at the top” and promote an ethical business environment by providing
structure, feedback, and discipline.
Assess risks specific to your operations and develop a control system to address risks that
could prevent achieving established goals.
Establish and maintain control activities such as reconciliations, approvals, and review of
operating activities.
Ensure appropriate access to and use of university information and systems.
Monitor control system and activities to identify and correct breakdowns timely.
Objectives of Internal Control
Internal controls are the methods and procedures designed by management to safeguard assets
and to manage resources. It’s the system of checks and balances. A system of internal control
serves to minimize errors in the accounting records and to deter fraud, embezzlement and theft
by employees, customers and vendors. The system of internal control provides reasonable
assurance of the following:
Reliable financial and operational reports.
Efficient and effective operations.
Compliance with applicable state and federal laws and/or regulations and university
policies and procedures.
As department head, you are responsible for setting the “tone at the top” of your department’s
control environment and ensuring that adequate controls are included in your daily operations. In
plain language, a system of internal controls is essentially a system of checks and balances. This
system of checks and balances over financial transactions is needed for much the same reasons
why such systems are needed for democratic governments: absolute power leads to undesirable
results. In government, absolute power can result in despotism; total control by one person over
financial transactions can result in theft or fraud.
Components of Internal Control
Types of Internal Controls:
Detective controls are designed to detect errors or irregularities that may have occurred.
Corrective controls are designed to correct errors or irregularities that have been detected.
Preventive controls are designed to keep errors or irregularities from occurring in the first
place.
Types of Control Activities:
Approvals
Authorizations
Verifications
Reconciliations
Review of operating performance
Security of assets
Segregation of duties
Why are monthly reconciliations and reviews so important?
Monthly reviews of reconciliations prepared by your staff and the concurrent reviews of the
detail transactions posted to the funds in your department are some of the most important internal
accounting control procedures that you will perform. Reviews and reconciliations are detective
controls. They accomplish two primary objectives. First, these reviews are one of the key
processes in the system of checks and balances (internal controls) needed in your department to
prevent fraud, theft, or inappropriate use of public funds. Second, these monthly reviews can also
enable you to assess the effectiveness and efficiency of the business practices in your
department.
Obviously, as department head you must delegate responsibility and authority for some of the
clerical and administrative functions of your department to the staff and/or faculty you supervise.
To build effective working relationships with such employees, you must trust these employees to
do the right thing and treat them with respect. On the whole, the university is very fortunate to
have honest and dedicated employees, however, as in any company, not all employees are
deserving of your trust. Absolute trust is not appropriate: you cannot abdicate your responsibility
for oversight and management reviews of the financial and administrative duties of your
department. The majority of the frauds and thefts occurring in university departments resulted
from inadequate reviews by department heads. Such inadequate reviews have enabled seemingly
honest and trustworthy employees (faculty and staff) to steal thousands of dollars per month over
a period of years in several departments. These employees didn’t need a gun to steal; they just
needed an overly trusting department head.
What elements compose Internal Controls?
Internal control consists of five interrelated components: the control environment, risk
assessment, control activities, information and communications, and monitoring. Each of these
components is an integral part of the management process and plays a specific role in
departmental internal control procedures.
Control Environment: The control environment sets the tone of an organization,
influencing the control consciousness of its people. It is the foundation for all other
components of internal control, providing discipline and structure. Control environment
factors include the integrity, ethical values, and competence of the organization’s people;
management’s philosophy and operating style; the way management assigns authority
and responsibility, and organizes and develops its human resources; and the attention and
direction provided by the board of visitors.
Risk Assessment: Every organization faces a variety of business risks from external and
internal sources that must be assessed. A precondition to risk assessment is establishment
of objectives, linked at different levels and internally consistent. Risk assessment is the
identification and analysis of relevant risks that may prevent the achievement of
established objectives.
Control Activities: Control activities are the policies and procedures implemented by
management to ensure management directives are carried out to meet organizational
objectives. They are designed to address risks that could prevent achieving the
organization’s objectives. Control activities occur throughout the organization, at all
levels and in all functions. Each department is unique, and only the most basic of control
activities are specifically outlined in university policy and procedures. The department
head is responsible for identifying other appropriate control activities to address the
unique risks to which his or her department may be exposed.
Information and Communication: Pertinent information must be identified, captured, and
communicated in a form and time frame that enables people to carry out their
responsibilities. Effective communication also must occur in a broader sense, flowing
down, across, and up the organizational structure. All personnel must have a means of
communicating significant information upstream. The department must also effectively
communicate with external parties, such as students, sponsors of research, alumni, and
administrative departments. The administrative departments are here to assist you in
achieving your operational goals without violating applicable laws, regulations, or
policies. If you are unsure of the legal and/or business risks associated with a particular
transaction, it is definitely NOT “better to ask forgiveness than request permission.”
Monitoring: Effective monitoring is a process that assesses the quality of the system’s
performance over time. It includes the regular management and supervisory activities as
well as separate evaluations by central units, Internal Audit, or other independent parties.
Limitations of Internal Controls
No matter how well internal controls are designed, they can only provide reasonable assurance
that objectives will be achieved. Segregation of duties decreases the chances of controls being
circumvented through collusion, but controls can still break down through human error and
judgment, as well as management override. Management override should not be confused with
management intervention, which represents management actions to depart from prescribed
policies and procedures for legitimate purposes. Internal control deficiencies should be reported
to the department head and/or dean, with serious matters reported to executive management.
Internal Control Process Objectives
A well-designed process with appropriate internal controls should meet most if not all of the
system’s control objectives. A system of internal control can be evaluated by assessing its ability
to achieve seven commonly accepted control objectives:
Authorization: All transactions are pre-approved by responsible personnel.
Completeness: All valid transactions are included in the accounting records.
Accuracy: All valid transactions are accurate, consistent with the originating transaction
data, and information is recorded in a timely manner.
Validity: All recorded transactions fairly represent the economic events that actually
occurred, are lawful in nature, and have been executed in accordance with management’s
general authorization.
Physical Safeguards and Security: Access to physical assets and information systems are
controlled and properly restricted to authorized personnel.
Error Handling: Errors detected at any stage of processing receive prompt corrective
action and are reported to the appropriate level of management.
Segregation of Duties: Duties are assigned to individuals in a manner that ensures that no
one individual can control both the recording function and the procedures relative to
processing a transaction.
Payroll Cycle System
Wages are one of the major portions in the total cost of production. There is always a chance of
fraud in wage payment. Therefore, an effective administrative and accounting control system
must be implemented by the management to minimize fraud and to keep the labor cost minimum.
As already stated a number of departments are set up for the effective utilization of labor force
and its proper accounting and controlling. These departments are required to work in a
coordinated manner and to support the management in controlling labor cost by recording and
reporting their activities on regular basis. The management should evaluate and revise its
controlling system to find out leakages and to stop such leakages in time. Fraud in wage payment
may result in various ways like inclusion of dummy worker in pay-roll, manipulating hours,
recording extra overtime, using a wrong wage rate and registering absent workers.
Payroll Cycle Activities
Seven basic activities performed in the payroll cycle:
1) Update payroll master file.
2) Update tax rates and deductions.
3) Validate time and attendance data.
4) Prepare payroll.
5) Disburse payroll.
6) Calculate employer paid benefits and taxes.
7) Disburse payroll taxes and miscellaneous deductions.
Payroll is an AIS application that is processed in the batch mode.
