There are forces at work to stop a business from achieving its objectives. To make sure it achieves its objectives, the business takes measures to stop those forces from negatively impacting the business. We call the forces that threaten the business, risk. The counter measures to stop these forces are controls. Effective internal control affects the success or failure of the business.
In this article we discuss internal control and the components that make them effective..
What are internal controls?
[i]Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to give reasonable assurance of achieving objectives relating to operations, reporting and compliance.
The definition emphasizes that internal control is:
- Geared towards achievement of objectives in one or more separate overlapping categories – operations, reporting and compliance.
- A series of ongoing tasks and activities.
- Performed by people – it is not about policy and procedure manuals, systems, and forms, but people and the actions they take at every level of an organization to effect internal controls.
- Able to give reasonable assurance – but not absolute assurance, to an entity’s senior management and board of directors.
Components of internal control
A good internal control arrangement has five components that work together to achieve the goals set. The five components are:
- Control environment
- Risk assessment
- Control activities
- Monitoring activities
A supportive environment is necessary for controls to work. Some control environments promote good controls, whilst others hinder them.
A good control environment enables the components of internal control to work effectively.
The factors that influence the control environment are management’s philosophy, operating style, ethical values, and commitment to competence.
Risk is the possibility that an event will occur that affects the entity’s ability to achieve its objectives. It is important because it affects the entity’s ability to succeed.
Risk assessment is a means for finding and analyzing risks to achieving the entity’s objectives. The management assesses thenature, effect and likelihood of occurrence of the risks identified to decide how to manage them.
Management issues directives to mitigate risks to achieving its objectives. Control activities are the actions, required by policies and procedures, to prevent or mitigate risk.
Control activities occur daily at every level of the entity, and at various stages within business processes.
Information and communication
To carry out its internal control obligations, the entity needs information. Communication provides the information needed to do day-to-day controls.
Communication enables personnel to understand internal control responsibilities, and their importance to achievement of objectives.
Monitoring activities are periodic reviews of the system of internal control to establish whether it is effective.
Ongoing evaluation is used to find out whether each of the five components of internal controls are present and working as intended.
The reviewer communicates his findings to management for action.
Why is internal control important?
Internal control helps an entity to realize its mission, goals and objectives.
An effective internal controls system:
- Promotes effective operations.
- Safeguards resources against loss from waste, abuse, mismanagement, errors and fraud.
- Promotes adherence to laws and regulations, policies and procedures.
- Helps to produce reliable and timely financial reports.
- A business faces many risks. Risk is anything that will prevent the business from achieving its goals.
- Internal controls are deliberate measures to prevent or mitigate risks to achieving its goals.
- To have effective controls, the five components must be present and functioning.
Do you have adequate controls? Are the five components present? You can use these ideas to assess your internal control.