What Is Internal Control? Show
Internal controls are detective, corrective, or preventive by nature. Detective controls are designed to detect errors or irregularities that may have occurred. Corrective controls are designed to correct errors or irregularities that have been detected. Preventive controls, on the other hand, are designed to keep errors and irregularities from occurring in the first place. Controls may be automated, manual or hybrid. Internal Control Concepts Control Environment - This sets the tone of the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the organization's people; management's philosophy and operating style; the way management assigns authority and responsibility; how it organizes and develops its human resources; and the attention and direction provided by the Board of Visitors. Risk Assessment Control Activities Transaction Authorizations - to ensure that all transactions are approved by responsible personnel in accordance with their specific or general authority before the transaction is recorded. Examples: Authorized signatures should be on all purchase orders, travel vouchers, key request forms, etc.; validation that the person signing the form is an authorized signee for the department. Documentation - all back-up documentation required is properly maintained. Review For Completeness - to ensure that no valid transactions have been omitted from the accounting records. Accuracy - to ensure that all valid transactions are accurate, consistent with the originating transaction data, and information is recorded in a timely manner. Examples: Comparison of book and bank balances and accounting for differences; comparison of time records to payroll payment records; monthly review of expenditures posted to the budget with expenditure documentation on hand. Validity (fairly represents events) to ensure that all recorded transactions fairly represent the economic events that actually occurred, are lawful in nature, and have been executed in accordance with management's general authorization. Example: Determination that expenditures are allowable per University and State guidelines. Physical Safeguards - to ensure that access to physical assets and information systems is controlled and properly restricted to authorized personnel. Examples: Office doors are locked, when no one is present, to guard against theft of office furniture and equipment; periodic inventories are taken to confirm the existence of assets; to protect the integrity of the data, passwords are not shared or revealed. Error Handling - to ensure that errors detected at any stage of processing receive prompt corrective action and are reported to the appropriate level of management. Segregation Of Duties - to ensure that duties are assigned to individuals in a manner that ensures that no one individual can control both the recording function and the procedures relative to processing a transaction. Examples: The petty cash custodian maintains funds and submits receipts for reimbursement; the review of receipts and approval of reimbursement is performed by someone other than the custodian; receipting, recording, and reconciliation of funds should not be under the complete control of one individual. A well designed process with appropriate internal controls should meet most if not all of these control objectives. Additional information about assessing internal controls activities. Information and Communication Monitoring Benefits And Weaknesses of Internal Controls In an organization where controls are weak or non-existent, a number of problems can result, such as:
Who Is Responsible For Internal Control? Internal and external auditors are responsible for making periodic reviews of internal controls to determine if they are functioning as intended. Limitations of Internal Control What are the 5 components of internal controls?There are five interrelated components of an internal control framework: control environment, risk assessment, control activities, information and communication, and monitoring.
What are the 4 types of internal controls?Preventive Controls
Separation of duties. Pre-approval of actions and transactions (such as a Travel Authorization) Access controls (such as passwords and Gatorlink authentication) Physical control over assets (i.e. locks on doors or a safe for cash/checks)
What are the 3 types of internal controls?Internal controls fall into three broad categories: detective, preventative, and corrective.
Which of the internal control components provides the foundation for all the other components of internal control?Control Environment
This is the foundation for all other components of internal control, providing discipline and structure.
|