This refers to the various types of control procedures that management can put in place in running the operations of the company. The mix of types of controls implemented by management will depend on the control objectives in each accounting area.
- Organizational plans/controls
Companies should have proper organisation plans.
They seek to ensure that the entity is properly departmentalised. The functions of every department are specified and the duties of every individual in the department are specified. Delegation of authority and limits of authority should be well and clearly defined. Such a plan boosts accountability within the organisation and reduces duplication of effort.
- Segregation of duties
This refers to the separation of the various duties and responsibilities such that one person cannot process and record complete transactions from beginning to the end without being checked by another person. E.g. in the purchase of a company’s fixed assets a single individual should not authorise the purchase, place the order, receive the asset and record the transaction in the accounting records.
To minimise the risk of error and/or intentional manipulation of information. In this regard for every transaction the following functions should be performed by different individuals and departments as much as possible and practicable.
- Authorisation- different levels of management should be given authority limits as to what they can authorise or commit the company’s resources. The authority limit should depend on the position, integrity, qualifications and competence.
- Execution- transactions should be carried out by persons independent from those who authorise the transactions. If one person authorises expenditure a different person should execute.
- Custody of the asset- officials authorisin/executing a transaction should not have custody to the assets arising out of the transaction.
- Segregation of duties also covers internal check which refers to the activities of one person must be complementary to the activities of another or subjected to independent checking.
- Physical controls
These are security measures concerned with the custody of assets by limiting access to authorised people only.
Restriction of access to valuable assets to only authorised persons. There should be direct measures and indirect measures.
Direct measures include:-
- Lock and key
- Watchmen or guards
- Proper fence
- Closed circuit TV’s
Indirect measures will include documentation of all transactions. Controls aim at restricting valuable, portable, exchangeable and desirable assets.
- Authorisation and approval
Authorisation should be done by responsible persons. In other words a transaction that commits organisation’s resources should be subject to authorisation and approval by a responsible official. The limits for authorisation should also be specified.
- Arithmetical and accounting control.
These are controls within the accounting function, which check that transactions are authorised, correctly and accurately recorded. This is aimed at ensuring completeness and accuracy of the accounting records.
Key features are:
- Use of standardised documentation raised at every stage of the transaction.
- Use of pre-numbered documents.
- Documents should be issued in sequence.
- Monitor movement of documents by use of a register.
- Production of exceptional reports for example when a local purchase order has been raised and the order has not been fulfilled by the supplier.
- Reconciliation between the different accounts and related control accounts.
Proper functioning of any system is dependent on the competence and integrity of those operating it. The entity must therefore recruit competent staff who have integrity. Staff should be assigned responsibilities that match their capabilities. Staff should undergo proper training to ensure that the company’s operations are carried out in the best way possible.
Day to day transactions and their recording should be subjected to supervision by competent responsible officials.
- Management controls
These controls are exercised by management outside the day to day routine of the system. They include:
- Review of management accounts.
- Comparison of actual performance with budgets.
- Internal audit function.
- Any other special review procedures.
- Rotation of duties
Duties should be rotated between personnel at the same level. Staff should be encouraged to take annual leave.
- Routine and automatic checks.
These are checks conducted on routine duties and operations to ensure that they are operating efficiently. Such checks are conducted on a surprise basis to minimise errors and frauds. These include controls such as surprise cash counts and physical inspection of fixed assets.
- Internal audit
This is a control function set up by management to review the accounting and internal control systems. Internal audit carries out continuous evaluation of the operating effectiveness of the internal control policies and procedures. The findings and recommendations are reported to management. Refer below
Limitations of the internal control system- ISA 400 Paragraph 14
No internal control system, however elaborate, can be by itself guarantee efficient administration and completeness and accuracy of the records nor can it be proof against fraudulent collusion, especially on the part of those holding positions of authority and trust. This is mainly due to the following inherent limitations of an internal control system:
- Management has to ensure that the benefits expected from an internal control system outweigh the costs. As a result certain important controls might not be put in place due to the costs involved. e.g. a small entity might not have the resources to employ sufficient staff to ensure proper segregation of duties.
- Most internal controls tend to be directed towards routine transactions rather than non-routine transactions. This leaves gaps that can be exploited.
- Human error due to carelessness, distraction, mistakes of judgement and misunderstanding instructions could undermine the internal control system.
- Controls could be circumvented through collusion by a member of management or an employee with persons outside or inside the entity.
- Abuse of responsibility e.g. a member of management overriding an internal control
- The possibility that procedures maybe inadequate due to changes in conditions.