Internal controls are simply policies and procedures that are implemented to deter or prevent business related internal theft by employees. Most of these controls involve the accounting system and the related books and records of the business. When effective internal controls are in place, employees will usually have to collude to facilitate a theft. Internal controls are designed to ensure:
• Safeguarding of assets
• Prevention and detection of fraud or error
• Accounting records are accurate, complete and up-to-date
• Compliance with relevant laws and restrictions
• Employees are protected - from themselves and each other
There are two important aspects of an internal control system: the control environment, and the control procedures that take place within that environment.
The control environment includes the management style, organisational values and culture. Do management lead by example? Is recruitment done fairly, or is there nepotism? Is priority given to induction, training and internal audit? Are procedures written down and shared?
You can have the best designed control procedures in the world, but in a poor control environment they simply won’t be effective.
Nearly all internal control procedures fall into one of seven categories:
• Physical verification – cash counts, asset verification and stock counts
• Limited access – locks, passwords and bank signatories
• Standard documents – standard formats for receipts, payment vouchers, requisitions, local purchase orders, travel allowance sign sheet etc
• Segregation of duties – making sure not one person can carry out a transaction from beginning to end, no self review or self authorisation. We see this in action in a Procurement process.
• Checks and balances – Balancing the manual cashbook, double entry controls over accounting records, reviewing the bank reconciliation
• Approval and authorisation – budget holders approval of...