Briefing Internal Controls & Its Testing

A business or an organization that is running smoothly is also contributed by the proper internal controls in place. Hence, to understand internal controls & its relevance in business processes, first let us know what it is.

What are Internal Controls?

Internal controls are the policies, rules, and procedures implemented by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud.

Hence, in every process of the organization, suitable Internal Controls are placed so that actions such as prevention, detection & correction of errors & frauds can take place.

Why Internal Controls?

Internal controls are established to strengthen:

• The reliability and integrity of information produced to top management/ board
• Compliance with policies, plans, procedures, laws and regulations
• safeguarding of assets
• economical and efficient use of resources
• accomplishment of established objectives and goals for operations or programs and projects

What are the types of Internal Controls?

Two main types of controls in any organization would be:

• Preventive Controls – These are the controls focused on decreasing the potential errors or frauds, i.e., they are proactive in nature. For e.g. approval of certain transactions.
• Detective Controls – These are the controls designed to identify the errors or frauds after the transaction has occurred. For e.g. monthly reconciliation of transactions, physical inventory count etc.

 They should both be in place i.e., preventive controls to ensure prevention of errors or frauds before hand and detective controls to trace whether preventive controls are adequately working.

Internal Control Procedures in Accounting

There are seven Internal Control Procedures that are designed to prevent, detect & correct errors or frauds. These are:

• Separation of Duties – Separation of duties involves splitting responsibility for bookkeeping, deposits, reporting and auditing. The further duties are separated, the less chance any single employee has of committing fraudulent acts.
• Access Controls – Controlling access to different parts of an accounting system via passwords, lockouts and electronic access logs can keep unauthorized users out of the system while providing a way to audit the usage of the system to identify the source of errors or discrepancies.
• Physical Audits – Physical audits include hand-counting cash and any physical assets tracked in the accounting system, such as inventory, materials and tools. Physical counting can reveal well-hidden discrepancies in account balances by bypassing electronic records altogether.
• Standardized Financial Documentation – Standardizing documents used for financial transactions, such as invoices, internal materials requests, inventory receipts and travel expense reports, can help to maintain consistency in record keeping over time.
• Daily or Weekly Trial Balances – Using a double-entry accounting system adds reliability by ensuring that the books are always balanced. Even so, it is still possible for errors to bring a double-entry system out of balance at any given time. Calculating daily or weekly trial balances can provide regular insight into the state of the system, allowing you to discover and investigate discrepancies as early as possible.
• Periodic Reconciliations in Accounting Systems – Occasional accounting reconciliations can ensure that balances in your accounting system match up with balances in accounts held by other entities, including banks, suppliers and credit customers. For example, a bank reconciliation involves comparing cash balances and records of deposits and receipts between your accounting system and bank statements.
• Approval & Authorisation – Requiring specific managers to authorize certain types of transactions can add a layer of responsibility to accounting records by proving that transactions have been seen, analyzed and approved by appropriate authorities.

Illustration on one Major Business Process and related Internal Controls

Let us discuss one of the major business process i.e., procurement process in a typical manufacturing entity. Logical flow in this process would be:

• Purchase Requisition – These are written or electronic documents raised by personnel from the production area seeking the emerging needs in the production process.
• Review of requisition – Mainly the stores department would check the genuineness of such requisition and availability of required goods or spares. After approval from the stores, the same is being sent to the purchase department.
• Solicitation Process – Once the requisition is approved, Purchase Order(PO) is generated and quotations are invited from the selective vendors to receive and compare bids to shortlist the perfect vendor that fulfills all the needs. The PO is then being sent to the selected vendor. Many a times a proper binding contract is formed with the selected vendors.
• Order Management – The vendor delivers such goods as per PO or the formed contact. After receiving such goods, the stores department checks whether the goods of required quantity & quality are received or not. After such review, the stores department prepares a Goods Receipt Note (GRN) w.r.t the received goods or spares.
• Generation of Invoice – After the order is confirmed, then according to the business terms set, an invoice is generated by the vendor and sent to the organization.

In the above stated process, what are the preventive & detective controls?

Preventive Controls would be review of requisitions, inviting quotations for best bid, P.O & formation of contract & verification of received goods by stores whereas

Detective Controls would be processes such as 4 way checking of the procurement done on certain time intervals i.e., reconciling Purchase Requisition→Purchase Order→Purchase Invoice→GRN. Another detective control would be physically verifying the stock and its movement w.r.t entries in the books, confirmation from the vendors etc.

What to do being an auditor?

As an auditor, one needs to obtain understanding of each major process to be audited whether be it procurement, sales, administration etc.

He/ she needs to apply compliance procedures and substantive procedures where compliance test would deal with understanding the process and related controls. Few of the most effective methods for such test are Walk through of full process by selecting a few transactions of that process on random basis and ascertaining the nature of error/ fraud/ flaws prevailing. Another can be system audit for testing presence of appropriate controls in different processes.

On similar count, substantive procedures or checking in details would involve ascertaining the existence of items. For e.g. physical verification of inventories/ fixed assets with books of account. Also, checking certain transactions by conducting a three or four way checking of certain transactions. For. e.g. four way checking in case of procurement process; reconciling Purchase Requisition→Purchase Order→Purchase Invoice→GRN.

Hence, it is utmost important to note that Internal Controls in an organization are very much necessary to provide first shield to fight against serious errors & frauds and reduce or refrain from potential losses.