What is the role of internal controls in the audit process?

Internal control as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a process, affected by an entity's board of directors (trustees), management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations

They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel.   Typically, management is responsible for developing an appropriate system of internal controls, but every employee is responsible for following and applying those practices.

Examples of Internal Controls

Segregation of Duties

When work duties are divided or segregated among different people to reduce the risk of error or inappropriate actions.

Physical Controls

When equipment, inventories, securities, cash and other assets are secured physically.  This can occur through the use of locks, safes, or other environmental controls. Access is restricted to those with authority to handle them.

Reconciliations

Comparisons are made between similar records maintained by different people to verify transaction details are accurate and that all transactions are properly recorded.  Specific examples would include:  Performing a reconciliation from bank statements to check register/records.  Balancing/reconciling cash on hand to sales or transaction activity on the cash register totals.

Policies and Procedures

Established policies, procedures, and documentation that provide guidance and training to ensure consistent performance at a required level of quality.  These should be available at all levels of the organization.  Departmental and University/Organization wide.

Transaction and Activity Reviews

Management reviews of transaction, operating, and summary reports help to monitor performance against goals and objectives, spot problems, identify trends, etc. Specific examples include:  Monthly review of budget statements to actual expenses.  Review of telecommunication call activity reports for personal or non-business related phone calls.  Review of timecards and overtime hours by employees.

Information Processing Controls

When data is processed, a variety of internal controls are performed to check the accuracy, completeness and authorization of transactions. Data entered is subject to edit checks or matching to approved control files or totals. Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.

Good internal controls are essential to assuring the accomplishment of goals and objectives. They provide reliable financial reporting for management decisions. They ensure compliance with applicable laws and regulations to avoid the risk of public scandals. Poor or excessive internal controls reduce productivity, increase the complexity of processing transactions, increase the time required to process transactions and add no value to the activities.

Good internal controls help ensure efficient and effective operations that accomplish the goals of the unit and still protect employees and assets.

Our sites

• myACCA
• ACCA mail
• ACCA Careers
• ACCA Career Navigator
• ACCA Learning Community
• Your Future

Useful links

• Make a payment
• ACCA-X online courses
• Find an accountant
• ACCA Rulebook
• News
• Work for us

Most popular

• Professional insights
• ACCA Qualification
• Member events and CPD
• Supporting Ukraine
• Past exam papers

Internal control is relevant to everyone in the workplace. It represents our moral responsibility to understand and comply with University policies and procedures, as well as to hold ourselves and one other accountable.

The primary purpose of internal controls is to help safeguard an organization and further its objectives. Internal controls function to minimize risks and protect assets, ensure accuracy of records, promote operational efficiency, and encourage adherence to policies, rules, regulations, and laws.

What is the definition of internal control?

Internal control—a process affected by a college or university's governing board, administration, faculty, and staff—is designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

• effectiveness and efficiency of operations;
• reliability of financial reporting; and
• compliance with applicable laws and regulations.

This definition reflects certain fundamental concepts:

• Internal control is a process. It is a means to an end, not an end in itself.
• Internal control is affected by people. It involves not only policy manuals and forms, but also people functioning at every level of the institution.
• Internal control is geared to the achievement of objectives in several overlapping categories.
• Internal control can be expected to provide only reasonable assurance to an institution's leaders regarding achievement of operational, financial reporting, and compliance objectives.

What are some examples of internal controls?

Internal controls can take many forms. On a daily basis, we encounter many controls both inside and outside of the office.

Why is internal control important in audits?

What are role of auditing in the control process?

What is the main role of internal audit?

What are the 5 internal controls in auditing?