Nature: Internal control is not necessarily a control over finance only. Its scope is wider. It covers the control of the whole management system. The control may be financial or even non-financial. But the main objectives are to safeguard all the assets of the entity, to run the business smoothly and to have accuracy and reliability of all the records. So the control may spread even to the books of accounts. The internal control may be in respect of production or even quality.
The internal control is the responsibility and function of the management. The management is responsible not only for establishing an adequate system of internal control but also to see that such an adequate system is maintained throughout. Where internal control is good, the recording of fictitious or fraudulent transactions would be rare. Chances of fraud in accounts or in documents would be reduced to the minimum. Where, however, there is no system of internal control or such a system in inadequate, the chances of fraud and error may be more.
The auditor should study and evaluate the internal control existing in the organization of the client. He should ascertain whether the system is adequate or otherwise. On the evaluation of internal control will depend the extent of the test checks which the auditor may apply during the audit of such organization.
International Control Defined
Internal control system is defined by ISA as follows:
“The internal control system means all policies and procedures (internal control) adopted by the management of an entity to assist in achieving management objective of ensuring, as far as practicable the orderly and efficient conduct of its business, including:
a. Adherence to management policies.
b. Safeguarding of assets.
c. Prevention and detection of fraud and error.
d. Accuracy and completeness of accounting records.
e. Timely preparation of financial statements.
2. Millichamp has defined the expression internal control as:
Internal control system—the whole system of controls, financial and otherwise, established by the management in order to carry on the business of the enterprise in an orderly and efficient manner, ensure adherence to management’s policies, safeguard the assets and secure as far as possible to completeness and accuracy of the records.
Note: The individual components of an internal control system are known as controls or internal controls.
From the above definition the following salient points emerge:
a. Whole system: Internal control can be seen as a whole system rather than as single system.
b. Financial and otherwise: Financial includes the use of control accounts and otherwise includes physical access restriction to computer terminals.
c. Established by management: Internal control is established by management either directly or by means of external consultants, internal auditor accounting personnel.
d. Carry on-efficient manner: This is acceptable to every business.
e. Ensure adherence to management policies: Budget or selling prices are expressions of management policies and adherence to them can be achieved by variance analysis.
f. Safeguarding assets: Assets are not to be allowed to be broken, lost or stolen – there must be locks and keys. An assets register should be kept. The debtors’ balances should be reviewed regularly.
g. Secure-Completeness: All transactions should be recorded and processed.
h. Accuracy of records: This includes the checking of work of one person by another.