Big Picture D

Week 8-9 : Unit Learning Outcomes (ULO): At the end of the unit, you are
expected to:
a. Understand the concept of Internal Control, explaining the adequacy and
effectiveness of the compliance system, internal compliance reporting
mechanism and ensuring the best practices available for the good
governance principles for compliance issues..

Metalanguage
In this section, the most essential terms relevant to the study of curriculum
and to demonstrate ULOa will be operationally defined to establish a common frame
of refence as to how the texts work in your chosen field or career. You will encounter
these terms as we go through the study of taxation. Please refer to these definitions
in case you will encounter difficulty in the understanding educational concepts.
1. Internal Control. As defined in accounting and auditing, is a process for
assuring achievement of an organization’s objectives in operational
effectiveness and efficiency, reliable financial reporting, and compliance with
laws, regulations and policies. It is a means by which an organization’s
resources are directed, monitored, and measured. It plays an important role in
detecting and preventing fraud and protecting the organization’s resources,
both physical (e.g., machinery and property) and intangible (e.g., reputation or
intellectual property such as trademarks).

Essential Knowledge
To perform the aforesaid big picture (unit learning outcomes) for the first two
(2) weeks of the course, you need to fully understand the following essential
knowledge that will be laid down in the succeeding pages. Please note that you are
not limited to exclusively refer to these resources. Thus, you are expected to utilize
other books, research articles and other resources that are available in the
university’s library e.g. ebrary, search.proquest.com etc.

65
 I. Internal Control

1.0 Concept

 At the organizational level, internal control objectives relate to the reliability of

financial reporting, timely feedback on the achievement of operational or
strategic goals, and compliance with laws and regulations.

 At the specific transaction level, internal controls refers to the actions taken to
achieve a specific objective (e.g., how to ensure the organization’s payments
to third parties are for valid services rendered.) Internal control procedures
reduce process variation, leading to more predictable outcomes.

 The International Standard on Auditing 315 (SA 315) defines internal control.
According to SA 315 the internal control is

 “the process designed, implemented and maintained by those charged with

governance, management and other personnel to provide reasonable
assurance about the achievement of an entity’s objectives with regard to
reliability of financial reporting, effectiveness and efficiency of operations, and
compliance with applicable laws and regulations. The term “controls” refers to
any aspects of one or more of the components of internal control.”

2.0 Nature of Internal Control

 The nature of internal control is to establish preventing measures in the

organization. It follows the principle that key activities in the organizations
should be processed by one person and be checked by the independent
person so that mistake at one stage may be checked by another independent
person. This prevents the occurrence of the fraud and so of deliberate
attempts made any insider may be withheld at once. Thus the nature of the
internal control is preventive.

From the definition provided by the SA 315 the nature of the internal control
depicts the following points:

 Internal control is a process designed, implemented and

maintained by those charged with the governance, management
and other personnel.

 It provides reasonable assurance about the achievement of an

entity’s objectives in the categories of financial reporting,
effectiveness and efficiency of operations, safeguarding of
assets and compliance with applicable laws and regulations.

65
3.0 Classification of Internal Control

3.1 Accounting Controls

Accounting controls comprise the plan of organisation and all methods and
procedures that are concerned mainly with and relate to, the safeguarding of
assets and the reliability of the financial information. They generally include
such controls as the system of authorisation and approval, separation of
duties concerned with record keeping and accounting reports from those
concerned with operations of assets custody, physical controls over assets
and internal auditing e.g. budgetary controls.

Internal control relating to accounting system aims at ensuring that:

o The transactions are executed in accordance with the
management’s authorization;
o All transactions are promptly recorded in an appropriate manner
to permit the preparation of financial information and to maintain
accountability for assets;
o The access to assets is permitted only in accordance with the
management authorization;
o The assets are reviewed and verified at reasonable intervals
and appropriate action is taken with regard to the variances.

3.1 Administrative Controls

A number of controls falling under operational controls can also be
administrative controls. Examples of operational controls are: quality control,
works standards, periodic reporting, policy appraisal etc. Administrative
controls are very wide in their scope. They include all other managerial
controls concerned with decision-making process.

They are concerned with the authorisation of transactions and include

anything from plan of organisation to procedures, record keeping, distribution
of authority and the process of decision-making. They include controls such
as time and motion studies, quality control through inspection, performance
budgeting, responsibility accounting and performance evaluation etc.
Administrative controls have an indirect relationship with financial records and
the auditor may evaluate only those administrative controls which have a
bearing on the financial records.

4.0 Elements of Internal Control

4.1 Segregation of duties

The division of an operation into a series of sub-operations undertaken by
different people allows for internal checks to take place. Such a control merely
reduces the chance of error or irregularity occurring, but it does not eliminate
the risk. It reduces the risk of intentional manipulation and error and increases
the element of checking. Function which should be separated includes those
of authorisation, execution, custody, and recording and in the case of a
computer based accounting system- systems development and daily
operations.

65
4.2 Organizational Structure
The structure or pattern of an organisation will mean system of arrangements
and relations as between various levels of personnel for carrying out of plans
and policies towards achievement of objectives for which the business stands.
Enterprises should have a plan of their organisation, defining and allocating
responsibilities and identifying lines of reporting for all aspects of the
enterprise’s operations, including the controls. The delegation of authority and
responsibility should be clearly specified. It is important that critical operations
are provided with the appropriate status and communications within the
organisations. A common cause of irregularity is imbalance between
responsibility, status and remuneration.

4.3 Objectives and Policy Statements

Objectives are the aims, goals, purposes or accomplishments which the top
management lay down and expect the staff members to achieve. The
functional segments of the company should comply with the policies, plans,
procedures, external laws and regulations and the work should be performed
in a coordinated manner.

Policies and procedures give an indication as to the nature of personnel

behavior in their functioning and reflect the attitude of management. Functions
of different staff members should be integrated in a manner that is
complementary and each acts as check on the other. For instance, wage
sheets should be prepared and checked by different set of staff and their
disbursement should be in the presence of a responsible official.

4.4 Authorization and Approval

All transactions should require authorization or approval by an appropriate
responsible person. The limits of these authorizations should be specified.
While designing procedures, provision should be made for proper
authorization, to establish full accountability for the actions taken.

4.5 Personnel
There should be procedures to ensure that personnel have capabilities
commensurate with their responsibilities. In fact, the proper functioning of any
system depends on the competence and integrity of those operating it. The
qualifications, selection and training as well as the innate personal
characteristics of the personnel involved are important features to be
considered in setting up any control system.

4.6 Management
Management is responsible for establishing, monitoring and reviewing the
systems of internal control. In practice, management may delegate the
reviewing function to internal auditor. It is, thus the duty of internal auditor to
provide management with reassurance concerning the efficiency and
effectiveness of internal controls.

65
 4.7 Records and Reports
The accounting and other records should be maintained accurately and
adequately so as to assist the management in formulating present and future
events in decision making and planning. In order to make reporting effective, it
should be timely, tailor-made and present all facts concerning problem areas,
assessments etc.

4.8 Accounting Controls

These are the controls within the recording function which check that the
transactions to be recorded and processed have been authorised, and that
they are all included and that they are correctly recorded and accurately
processed. Such controls include checking the arithmetical accuracy of the
records, the maintenance and checking of totals, reconciliations, control
accounts and trial balances, and accounting for documents.

4.9 Protections of Assets

These are concerned mainly with the custody of assets and involve
procedures and security measures designed to ensure that access to assets
is limited to authorised personnel. These include both direct access and
indirect access via documentation. These controls assume importance in the
case of valuable, portable, exchangeable or desirable assets.

4.10 Supervision
Any system of internal control should include the supervision by responsible
officials of day-to-day transactions and the recording thereof. The supervisory
role undertaken by staff should be allocated to those with proper training and
suitability to such a function.

5.0 Components of Internal Control

5.1 Control Environment
a. Communication and enforcement of integrity and ethical value.
b. Commitment to competence.
c. Participation by those charged to governance.
d. Management’s philosophy and operating style.
e. Organizational structure.
f. Assignment of authority and responsibility.
g. Human Resource policies and practices.

5.2 Entity’s Risk Assessment Process

For financial reporting purposes, the entity’s risk assessment process includes
how management identifies business risks relevant to the preparation of
financial statements in accordance with the entity’s applicable financial
reporting framework, estimates their significance, assesses the likelihood of
their occurrence, and decides upon actions to respond to and manage them
and the results thereof.

65
For example, the entity’s risk assessment process may address how the entity
considers the possibility of unrecorded transactions or identifies and analyzes
significant estimates recorded in the financial statements. Risks relevant to
reliable financial reporting include external and internal events, transactions or
circumstances that may occur and adversely affect an entity’s ability to
initiate, record, process, and report financial data consistent with the
assertions of management in the financial statements.

5.3 Information System, Including the Related Business Processes,

Relevant to Financial Reporting, and Communication:

An information system consists of infrastructure (physical and hardware

components), software, people, procedures, and data. Many information
systems make extensive use of information technology (IT). The information
system relevant to financial reporting objectives, which includes the financial
reporting system, encompasses methods and records that:
 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit
proper classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording
their proper monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit
recording of transactions in the proper accounting period.
 Present properly the transactions and related disclosures in the
financial statements.

5.4 Control Activities

Generally, control activities that may be relevant to an audit may be
categorized as policies and procedures that pertain to the following:

Performance reviews: These control activities include reviews and analyses

of actual performance versus budgets, forecasts, and prior period
performance; relating different sets of data – operating or financial – to one
another, together with analyses of the relationships and investigative and
corrective actions; comparing internal data with external sources of
information; and review of functional or activity performance.

Information processing: The two broad groupings of information systems

control activities are application controls, which apply to the processing of
individual applications, and general IT controls,which are policies and
procedures that relate to many applications and support the effective
functioning of application controls by helping to ensure the continued proper
operation of information systems.
Examples of application controls include checking the arithmetical accuracy of
records, maintaining and reviewing accounts and trial balances, automated
controls such as edit checks of input data and numerical sequence checks,
and manual follow-up of exception reports.

65
 Physical controls: Controls that encompass:
 The physical security of assets, including adequate safeguards such as
secured facilities over access to assets and records.
 The authorization for access to computer programs and data files.
 The periodic counting and comparison with amounts shown on control
records (for example, comparing the results of cash, security and
inventory counts with accounting records).
 The extent to which physical controls intended to prevent theft of
assets are relevant to the reliability of financial statement preparation,
and therefore the audit, depends on circumstances such as when
assets are highly susceptible to misappropriation.
 Segregation of duties: Assigning different people the responsibilities of
authorizing transactions, recording transactions, and maintaining
custody of assets. Segregation of duties is intended to reduce the
opportunities to allow any person to be in a position to both perpetrate
and conceal errors or fraud in the normal course of the person’s duties.

5.5 Monitoring of Controls

An important management responsibility is to establish and maintain internal
control on an on-going basis. Management’s monitoring of controls includes
considering whether they are operating as intended and that they are modified
as appropriate for changes in conditions.
Monitoring of controls may include activities such as management’s review of
whether bank reconciliations are being prepared on a timely basis, internal
auditors’ evaluation of sales personnel’s compliance with the entity’s policies
on terms of sales contracts, and a legal department’s oversight of compliance
with the entity’s ethical or business practice policies. Monitoring is done also
to ensure that controls continue to operate effectively over time. For example,
if the timeliness and accuracy of bank reconciliations are not monitored,
personnel are likely to stop preparing them.
Internal auditors or personnel performing similar functions may contribute to
the monitoring of an entity’s controls through separate evaluations. Ordinarily,
they regularly provide information about the functioning of internal control,
focusing considerable attention on evaluating the effectiveness of internal
control, and communicate information about strengths and deficiencies in
internal control and recommendations for improving internal control.

6.0 Limitations of Internal Control

 Internal control, no matter how effective, can provide an entity with only
reasonable assurance about achieving the entity’s financial reporting
objectives. The likelihood of their achievement is affected by the inherent
limitations of internal control. These include the realities that human judgment
in decision- making can be faulty and that breakdowns in internal control can
occur because of human error. For example, there may be an error in the
design of, or in the change to, a control. Equally, the operation of a control

65
 may not be effective, such as where information produced for the purposes of
internal control (for example, an exception report) is not effectively used
because the individual responsible for reviewing the information does not
understand its purpose or fails to take appropriate action.
 Additionally, controls can be circumvented by the collusion of two or more
people or inappropriate management override of internal control. For
example, management may enter into side agreements with customers that
alter the terms and conditions of the entity’s standard sales contracts, which
may result in improper revenue recognition. Also, edit checks in a software
program that are designed to identify and report transactions that exceed
specified credit limits may be overridden or disabled.
 Further, in designing and implementing controls, management may make
judgments on the nature and extent of the controls it chooses to implement,
and the nature and extent of the risks it chooses to assume.

Self-Help: You can also refer to the sources below to help you
further

Burch, Carl E. (2012). Review Material for Governance, Risk and Ethics.

Cabrera, M.B., & Cabrera, G.B (2019). Corporate Governance, Business Ethics,
Risk Management and Internal Control (2019-2020 edition). GIC Enterprises &
Co., Inc.

Company Secretaries of India (2019). Governance, Risk Management Compliances

and Ethics. AArushi Graphics, Prashant Vihar, New Delhi

65