Internal Control may be of following types:
a. Organisation
b. Segregation of duties
c. Physical
d. Authorisation and approval
e. Arithmetical and accounting
f. Personnel
g. Supervision
h. Management
i. Acknowledgment of performance
j. Budgeting
Organization: An entity should have a plan of organisation which should define and allocate responsibilities, and identify the line of reporting.
Segregation of duties: A single person should not handle recording and processing of a complete transaction. Several persons should be entrusted with these works. Functions that should be separated are: initiation, authorisation, execution, custody, issues of delivery order, and recording.
Physical: Physical custody and access: Authorisation and approval. All transaction should require authorisation or approval by a senior auditor and his limits of authority be specified.
Arithmetical and Accounting: This can be achieved through arithmetical accuracy of records, and checking of totals, reconciliations, control accounts, trial balance, accounting of documents.
Personnel should be designated to ensure that the task assigned has been properly done.
Supervision: All actions at all levels of authority should be supervised.
Management: Certain controls should be enforced like, services by management, comparison with budgets, internal audit, or any special services procedure.
Acknowledgement of performance: Persons doing the work must initial, or put rubber stamp to identify responsibility.
Budgeting is the common technique used in business.
Components of Internal Control
Internal control comprises of the following
a. Control environment
b. Control procedures
(a) Control Environment: Control environment has been defined by (ISA 6.8) as:
Control environment means the overall attitude, awareness and actions of directors and management regarding internal control and their importance in the entity. The control environment encompasses the management style, and corporate culture and values shared by all employees.
Factors reflected in the control environment include:
1. Function of the directors and its committees.
2. Management philosophy and operating style.
3. Entity’s organizational structure and methods of assigning authority and responsibility.
4. Management’s control system including internal audit function, personal policies and procedures.
Control Procedures are those policies and procedures in addition to the control environment which are established to provide a management with procedure so that specific entity objectives are achieved.
Specific control procedures include:
1. Reporting, review and approving reconciliations.
2. Checking arithmetical accuracy of records.
3. Controls over computerized application and information technology environment.
4. Maintaining and reviewing control accounts and trial balances.
5. Approving and controlling documents.
6. Comparing internal data with external sources of information.
7. Comparing results of cash, security and inventory accounts with accounting records.
8. Limiting direct physical access to assets and records.
9. Comparing and analyzing financial results with budget.
Essential Features of Internal Control
A system of internal control will have the following features or characteristics.
1. Plan of organization
2. Authorization, recording and control procedures.
3. Sound practice in performance of functions.
4. Competency of personnel
1. Plan of organization: It should establish clear line of duties, responsibilities, segregation of operations, and subordination of each member of the staff. Organization structure must provide for adequate independence for various functions performed at different levels. The division of duties should be such that activities of a department are controlled by records maintained outside it.
2. Authorization, recording and control procedures: They should ensure that (a) every item of expenditure has been properly authorized and accounted for, (b) every item of receipt has in fact been received and accounted for, (c) there is proper custody of the funds and assets, and (d) there is no misapplication or misuse of any property of the enterprise.
3. Sound practice in performance of functions: An effective system of internal check should lie down that no single person should alone handle any transaction completely from beginning to end. The system should provide that the work of one person will be checked by another, the management shall be able to detect errors and frauds.
4. Competency of personnel: It means the competency of departmental heads, key personnel and all persons performing routine tasks at different levels. This will require proper selection, training, effective direction, supervision and control, quick corrective action to avoid violation of prescribed procedures.
Auditor’s Interest in Internal Control
In the case of a large enterprise and sometimes even in case of a medium sized organization, it is not possible for the auditor to complete the audit if he indulges himself in verifying all, or even a major portion of the transactions. In such situation he should apply sampling technique in carrying out a routine verification of transaction. In order to determine up to what extent he can reduce his work would depend upon the effectiveness of the internal control system. So there should be a proper study and evaluation of the existing internal control as a basis for reliance thereon and for the determination of the resultant extent of the tests to which auditing procedures are to be restricted.
An auditor is only interested in assessing policies and procedures which are relevant to financial statement assertions. The understanding of relevant aspects of the accounting and internal control system enables the auditor.
a. to assess the adequacy of the accounting system as a basis for preparing the financial statement.
b. to identify the types of potential misstatement that could occur in the financial statement.
c. to consider the factors that effect the risks of misstatements, and
d. to design appropriate audit procedure.
The auditor should place reliance on internal controls, only after ascertaining and evaluating these controls. If the auditor has reasons to believe that a client has set up a strong system of internal control, the reliance on that system will help the auditor to reduce the detailed checking which would otherwise be undertaken.