Internal control definition
/What is Internal Control?
Internal control is a set of activities that are layered onto the normal operating procedures of an organization, with the intent of safeguarding assets, minimizing errors, and ensuring that operations are conducted in an approved manner. Another way of looking at internal control is that these activities are needed to mitigate the amount and types of risk to which a firm is subjected. Controls are also useful for consistently producing reliable financial statements.
A key concept is that even the most comprehensive system of internal control will not entirely eliminate the risk of fraud or error. There will always be a few incidents, typically due to unforeseen circumstances or an exceedingly determined effort by someone who wants to commit fraud.
Outside auditors may rely upon a company’s system of internal controls when planning an audit. If the firm has a robust system of internal controls, then the auditors will test the reliability of those controls, and then reduce their other audit activities. The result is a more efficient and less expensive audit. Conversely, if the organization has poor internal controls, then the auditors must include substantially more audit procedures in their plan, which drives up the cost of the audit. In short, a robust system of internal control can reduce the price of the year-end audit. This is a significant issue for publicly-held companies, which spend inordinate amounts on annual audits and quarterly reviews by their auditors.
Related AccountingTools Courses
Accounting Procedures Guidebook
Disadvantages of Internal Control
Internal control comes at a price, which is that control activities frequently slow down the natural process flow of a business, which can reduce its overall efficiency. Control activities can also be expensive, especially in terms of the extra time required by employees to perform them. Consequently, the development of a system of internal control requires management to balance risk reduction with efficiency. This process can sometimes result in management accepting a certain amount of risk in order to create a strategic profile that allows a company to compete more effectively and at a lower cost, even if it suffers occasional losses because controls have been deliberately reduced.
Internal Controls and Organization Size
A system of internal controls tends to increase in comprehensiveness as a firm increases in size. This is needed, because the original founders do not have the time to maintain complete oversight when there are many employees and/or locations. Further, when a company goes public, there are additional financial control requirements that must be implemented, especially if the firm's shares are to be listed for sale on a stock exchange. Thus, the cost of controls tends to increase with size.
Preventive Controls
Preventive controls are intended to keep a loss from occurring in the first place. For example, a business could segregate certain duties and install physical protections for assets. Ideally, these controls are fully integrated into a process, so that they can be applied on an ongoing basis. Preventive controls are most commonly employed when the perceived risk of loss is high; using the controls in these situations lowers the risk of a loss ever occurring.
Detective Controls
Detective controls are intended to identify issues after they have occurred. Once these issues have been identified, managers can take steps to reduce the risk of their re-occurrence, typically by altering the underlying process. For example, a physical inventory count can spot cases in which actual inventory quantities are lower than what is recorded in the accounting records. Or, a bank reconciliation is used to detect unexplained withdrawals from a savings account.
Related Articles
Components of an Internal Control System