Internal Controls are systematic and procedural steps adopted by an organization to mitigate risks, primarily in the areas of financial accounting and reporting, operational processing and compliance with laws and regulations.
Internal Controls (ICs) are essentially risk mitigation steps taken to strengthen the organization’s systems and processes, as well as help to prevent and detect errors and irregularities. The actual steps of mitigation (e.g., review, approval, physical count, segregation of duty, etc.) are referred to as ‘Control Activities’.
When ICs mitigate the risk of financial exposure, they are also referred to as Internal Financial Controls (IFCs) and when they mitigate operational risks, they are also referred to as Operational Controls (OCs). ICs generally operate with human intervention (Manual Controls), but in an automated environment, computer controls are deployed to secure the systems and called IT General Controls (such as access controls) or check transaction processing at an application level and called Application Controls (such as sequential numbering of invoices, etc.).
Internal Controls can be broad-based covering the whole entity (i.e., Code of Conduct), or focused to a specific process or area (such as Order processing or Payroll, etc.). In the former case they are generally referred to as “Entity Level Controls (ELCs)” as part of the “Control Environment”. In the case of latter, they are also referred to as “Process Level Controls (PLCs)”.
“Internal Controls Framework” is a pre-defined benchmark Internal Control System, based on suitable criteria, which can be used by management or auditors to assess the design, adequacy and operating effectiveness of the overall internal control system.
Responsibilities for internal control
As per Companies Act, 2013, in a limited company, the board of directors are responsible for ensuring that appropriate internal controls are in place. Their accountability is to the shareholders, as the directors act as their agents. In turn, the directors may consider it prudent to establish a dedicated internal control function. The point at which this decision is taken will depend on the extent to which the benefits of function will outweigh the costs.
The directors must pay due attention to the control environment. If internal controls are to be effective, it is necessary to create an appropriate culture and embed a commitment to robust controls throughout the organization.
Internal Control Procedures:
Internal audit testing is the internal assessment of internal controls and as such is a management responsibility to ensure compliance and conformity of internal controls to pre-determined standards.
Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organizational objectives.
As per SIA (Standards on Internal Audit) 210 issued by ICAI, the Internal Audit Function is the responsibility of the Chief Internal Auditor or the designated person. He performs a number of activities to achieve the objectives as outlined in Terms of Engagement. A few of the critical activities are as follows:
Responsibility of Internal Auditor
The internal auditor shall review and reports on internal controls in relation to key risks affecting the organization. The objective should be to test the extent to which the controls will manage the risk if it crystallizes. The conclusions of these reports should enable management to reconsider the controls and modify or redesign them if appropriate.
Organizations have to implement performance standards in relation to compliance. This may be to satisfy the demands of external regulators, or to operate to pre-determined internal standards. Internal audit should review operations for compliance with such standards. In this respect, the work of internal auditors has broadened, as organizations increasingly pursue compliance not only with industry standards for products and service provision, but also with criteria relevant to environmental standards.
About the Author
Author is Rahul Jindal, partner in PK Chopra & Co., Chartered Accountants providing Auditing Accounting, Taxation and Advisory services and having head office at New Delhi Connaught Place and branches at Mumbai, Ahmedabad, Kochi, Lucknow, Bangalore, Coimbatore and Gurgaon. Rahul is highly skilled business practitioner and a great strategist with distinguished expertise in the matters related to Due Diligence, Valuation and Assessments of the Companies, Direct and Indirect Taxation and Accounting. Firm is focused on helping Foreign Companies in setting up Business in India and complying with various tax laws applicable, Building Business, Strategy Planning, NGO NPO CSR sector.