Every day, during the normal course of our lives, we encounter numerous controls or safeguards.
Whether your place of work requires an identification badge or a key fob, a password to log onto your computer or an access code to use a copier, controls are a way of life.
Internal control is a process. It’s a series of actions that govern an organization’s activities, put into effect by the board of directors, management and other personnel, designed to provide reasonable assurance in:
Primary internal controls
Internal controls are defined in five broad categories:
A financial statement audit determines whether an organization’s financial statements are free of material misstatement.
Auditors may assess risk at the maximum and not rely on the internal control system while performing their audit. Therefore, internal controls may not be tested as thoroughly because the auditors rely more on substantive testing.
In contrast, an internal control review determines whether internal controls exist and are sufficient. And it may test whether the controls are working as designed.
Evaluating internal control involves:
Taking responsibility for internal control
The board of directors is ultimately responsible for a company’s system of internal control. It should set appropriate policies on internal control and seek regular assurance that the system is functioning effectively.
It is the role of management to implement the board’s policies on risk and control. Management should identify and evaluate the risks faced by the company for consideration by the board. And management should design, operate and monitor a suitable system of internal control to meet the board’s intent.
Additionally, all employees have some responsibility and accountability within the internal control environment. They should have the necessary skill, knowledge and authority to operate and monitor the system of internal control that is put in place.
Reviewing internal controls
Internal controls go beyond safeguarding an organization from financial loss. They can also assist in maintaining reliable financial reporting and maximizing effective operations.
The best way to protect and ensure that your organization is operating efficiently is to have an internal control review performed on your operation. Whether you’re a for-profit, not-for-profit or governmental entity, your current practices should be compared against peers in your sector.
The goal is twofold:
An internal control review can highlight weaknesses in the internal control structure or expose processes that could be strengthened to maximize efficiency. Detailed recommendations to mitigate risk or strengthen areas of weakness should be included in a formal report issued to the board of the organization.