DRAF INTERNAL CONTROL

1.0 Definition

An internal control is a process or system that helps to assure reliability, compliance,

security, or efficiency. Internal controls are effectively a set of checks and balances that are
critical to any business, especially as it becomes larger. Adequate internal controls can
reduce the risk of fraud or theft by employees or vendors, protect against lawsuits, and help
ensure decision making that is in the best interest of the organization. Some commonly used
internal controls include authorization signatures, segregation of duties, IT passwords,
management reviews, archiving of records, and the use of locked areas or cameras. In other
words, an internal control is a process put in place to prevent employees from stealing
assets or committing fraud.

Internal control also helps organization to

(1) Conduct its business in an orderly and efficient manner

(2) Safeguard its assets and resources

(3) Deter and detect errors, fraud, and theft

(4) ensure accuracy and completeness of its accounting data

(5) Produce reliable and timely financial and management information

(6) Ensure adherence to its policies and plans.

2.0 Objective

 Authorization - The objective is to ensure that all transactions are approved by

responsible personnel in accordance with specific or general authority before the
transaction is recorded and fairly represent the economic events that actually occurred,
are lawful in nature, and have been executed in accordance.
 Completeness and accuracy - The objective is to ensure that no valid transactions have
been omitted from the accounting records and all valid transactions are accurate,
consistent with the originating transaction data and information is recorded in a timely
manner.
 Physical Safeguards & Security - to ensure that access to physical assets and
information systems are controlled and properly restricted to authorized personnel.
 Error handling - to ensure that errors detected at any stage of processing receive prompt
corrective action and are reported to the appropriate level of management.
 Segregation of Duties - to ensure that duties are assigned to individuals in a manner that
ensures that no one individual can control both the recording function and the
procedures relative to processing the transaction.
3.0 Limitation of Internal Control

Even with the best internal control system, financial misstatement still can occur. There are
few limitation for the internal control. This happen because no matter how we had designed
and try to prevent any mistake, but still had limitation to this system. This limitation as
following:

 Collusion
Collusion between two or more individuals can result in control failures. Individuals
acting collectively often can alter financial data or other management information in a
manner that cannot be identified by the control system.

 Management override
Top-level employees who have the ability to override internal control features also have
opportunity to commit fraud. Even if the lower-level employees suspect make
wrongdoing, they may feel intimidate to confront the issues.

 Natural risk
Effective internal control and ethical employee cannot ensure a company’s success or
even survival because there are natural risk to running any business.

 Judgment
This is because effective internal control still need human judgment to make decision.
The judgment based on person’s experience and qualifications, the information and time
available, and pressures to conduct business.

 Breakdowns
Because of misunderstanding instruction, faulty assumption, distraction because need to
focus on too many task and mistake due to careless the system of internal control can
break down.

 External events
The factor outside the organization such as federal regulations, responsiveness of
customers or program partners, and natural disasters can influence the internal control.
 Internal control at least needs to allow the agency to be informed of progress, or lack
thereof, to achieving good internal control.

 Resource limitations
Every agency must prioritize efforts to implement or improve controls within resource
limitations.

4.0 Cash control

Cash is the most susceptible to employee fraud, because the obvious way employee can
steal they cash when they remove the cash from the company. There are other less obvious
way, where the employee could falsify documents. Because of this possibilities, many
companies applied strict procedures to maintain control cash.

4.1 Cash and Cash Equivalent

The amount of cash recorded in the company’s balance sheet includes currency, coins,
and balance in saving and checking accounts, as well as item acceptable for deposit in
the account, such as check received from customer.
The balance of cash also includes cash equivalents, which are defined as short term
investment that have maturity date no longer than three month from the date of
purchase.

Management must safeguard all asset against possible misuse, they need to make cash
control. Cash control can be divided by two,

1) Control over cash receipts

2) Control over cash disbursements
4.1.1 Control over Cash Receipts

For the control over cash receipts, most business receives payment from the sale
in the form of cash or as check received immediately or through mail. Internal
control over cash receipts need to include the following policies:

1. Open mail each day, and make list of checks received, including the amount
and payer’s name.
2. Designate an employee to deposit cash and checks into the company’s bank
account each day, different from the person who receives cash and checks.
3. Have another employee record cash receipts in the accounting records as
soon as possible. Verify cash receipts by comparing the bank deposit slip
with the accounting records.
4. Accepts credit cards or debit cards to limit the amount of cash employees
handle.

Acceptance of credit card, the acceptance of credit card provides an additional

control by reducing employees’ need to directly handle cash. The transaction are
recorded similar to debit card transaction.

Acceptance of debit card, debit card also provide an additional control for cash
receipts. Like credit card, debit card offer customer a way to purchase good and
service without a physical exchange of cash.

4.1.2 Control over Cash Disbursement

For the control over cash disbursements, manager need to design proper
control system for cash disbursements. This can help to prevent any
unauthorized payments and make sure there are proper recording. Cash
disbursement include not only disbursing physical cash, but also writing checks
and using credit card and debit card to make payment to seller. All these form of
payment will make cash disbursement and require formal internal control
procedures.
 There are a few important elements of cash disbursements control system
include the following policies,

1. Make all disbursement, other than very small ones, by check, debit card or
credit card. Need to have permanent record of all disbursement
2. Authorize all expenditure before make purchase and need to verify accuracy
of the purchase itself. Need to have two different employee to authorize
payment and another one prepare the check.
3. Make sure the check are serially number and need to be signed only by
authorized employee, for larger check required to have two signed.
4. Periodically check amounts show in the debit card and credit card statements
against purchase receipts. The employee verify the accuracy of the debit card
and credit card statement.
5. Need to set maximum purchase limit for debit card and credit card, if
purchase above the limit amount need to get approval by upper-level
employee.
6. Make sure the employees who responsible for making cash disbursement
shout not also in charge of cash receipts.

5.0 Principles of Internal Control

The main internal control principles include:

 Establish Responsibilities
Every companies must clearly establish responsibilities, assigning specific
responsibilities to individuals and ensures they understand what their part is in
maintaining internal control.

 Maintain Records
Having correct record-keeping procedures will enable companies to have an
accurate history of transactions on hand. The records such as historical data will
allow company to refer to it later, if a problem is discovered or if clarification is
necessary.
  Insure Assets by Bonding Key Employees
By insuring assets and bonding employees, an organization can rest assured that it
will be reimbursed for the value of an asset if the asset is stolen, or otherwise
misappropriated.

 Segregate of Duties
Different employees need to perform separate task when they need to handle
several tasks in order to complete a single transaction.

 Use Technological Controls

Electronic keypads, burglar alarms, and other technology-based security features
can help organizations to protect assets because this technology can often go where
people cannot, and can be on the job 24 hours a day without requiring extra pay or
breaks.

 Perform Regular Independent Reviews

Companies must review their internal control systems regularly. That should be done
by an individual who did not perform any of the work being checked. Through the
internal control process and no reason to cover mistakes or be overly optimistic
about the control procedures.

6.0 Components of Inventory Control

6.1 Control environment

Control environment is overall ethical of the company. It includes formal policies related
to management’s philosophy, responsibility and organizational structure. The control
environment will effect on attitude an action of management. For example, if the
employees notice unethical behavior or comments by management they will be act
similar which is wasting company resources.
6.2 Risk assessment

Risk assessment functions are to identify and analyzes internal and external risk factor
that prevent a company’s objective from being achieved. Example of internal factor such
as unsafe lighting, faulty video projectors and unsanitary bathrooms. Example of external
factor such as vendor supplying lower grade of inventory, security in parking lot or
decline in customers. This external and internal factor put company’s objective in
danger.

6.3 Control activities

Control activities are policies and procedures that helps ensure that management’s
directives are being carried out. There are two types of two types which is preventive
controls and detective controls.

1) Preventive controls are designed to keep error or fraud from occurring. Example of
preventive controls include:
a) Employee management. The company should provide employees with
appropriate guidance to ensure they have the knowledge necessary to carry out
their job duties. Employee should be aware of the company’s internal control
procedures and ethical responsibilities.
b) Physical control over asset and accounting records. Each night, money from
ticket sales should be placed in the theatre’s safe or deposited at the bank.
Important document should be kept on fireproof files, and electronic records
should be backup daily and requires user ID and password for access.

2) Detective controls are designed to detect errors or fraud that already have occurred.
Example of detective controls include:
a) Performance reviews. The actual management of individuals or processes should
be check against their expected performance. For example, the amount of food
sold should be compared to the number of tickets sold over a period of time. If
food sales are lower than expected number of tickets, employee could be wasting
food, stealing food or giving it to their friends for free.
 b) Audit. Many companies, such as companies listed on exchange, are required to
have an independent auditor attest to the adequacy of their internal control
procedure. Other companies can voluntarily choose every year to have an expert
auditor assess their internal control procedures to detect any deficiencies or
fraudulent behavior of employees.

6.4 Monitoring

Monitoring are reporting of deficiencies required. Theatre manager needs to actively

review daily operations to ensure that control procedures work effectively. For example,
the manager should compare daily cash from ticket sales with the number of ticket
issued.

6.5 Information and communication

It depends on the reliability of the accounting information system itself. If the

accountant’s office has papers scattered everywhere, and you learn the company still
does all it accounting by hand without a computer, you as investor will be a bit worried. A
system should be in place to ensure that current transaction of the company is reflected
in current reports.

7.0 Procedure of Inventory Control

7.1 Separation of Duties

There are many responsibilities that are need to be considered in internal control such as book
keeping, deposits, reporting and auditing. Separation of duties is essential in gaining the best
outcomes from a company in which it means dividing the responsibilities between the
employees in the department. In order to avoid the employees in committing any fraudulent acts
and errors, the company is required to take further actions in separating the duties and tasks
among the employees. This actions can also be implemented by small businesses with only a
few accounting employees in which they can share the responsibilities and tasks between two
or more people and it is important that the co-workers to review the critical duties among the
employees and guide them in preventing any mistakes being made.
7.2 Access Controls

Organizing an access controls within the employees is crucial in preventing any important
information being leaked to other parties. A company needs to ensure that different parts of an
accounting system are required to have an access controls such as via passwords, lockouts
and electronic access logs in order to prevent unauthorized users out of the system to access
any important information. Hence, it is also to provide a better way for the employees to audit
the usage of the system and identifying the root of any problems, errors or discrepancies
regarding the internal control. Moreover, strong access tracking can also help a company to
hold any attempts of fraudulent access in the first place.

7.3 Physical Audits

Next, physical audits involve any hand-counting and any physical assets that are being tracked
in the accounting system such as inventory, materials and tools. The benefit of physical audits is
that through it, the company can reveal and identify any well-hidden discrepancies in account
balances by checking the electronic records and systems altogether. For example, counting
cash in sales outlets or branches can be made daily or even several times per day. The
situations differ for a larger company as hand counting inventory should be implemented less
frequently such as annually or on quarterly basis as doing it more frequently will decrease the
efficiencies of the performance of a company because it is rather time consuming.

7.4 Standardized Documentation

Some of the functions of standardizing documents is that it is being used for financial
transactions such as invoices, internal materials requests, inventory receipts and travel expense
reports. Standardized documentation is required for a company as it helps to maintain
consistency in record keeping over time. It is also need to be considered as using standard
document formats can make it easier to review and search past records and looking for errors
and discrepancy in the system. One of the major problems that can occur by not implementing a
standardized documentation is that some of the items can be misinterpreted or overlooked
within a company record.
7.5 Trial Balances

One of the benefits of a double-entry accounting system is that it increases the reliability of the
data by ensuring that the books and records within it are always balanced. However, the
potential for the occurrence of errors is still possible in which a double-entry system can be out
of balance at any given period. This problems can be reduced by calculating the trial balanced
daily or even weekly in order to provide a regular awareness into the state of the system as it
allows the company to detect and scrutinize any errors from the very beginning.

7.6 Periodic Reconciliations

Irregular accounting reconciliations can ensure that the balances in an accounting system
match up with the balances in an accounts held by other parties including banks, suppliers and
credit customers. This is because a bank reconciliation includes in comparing cash balances
and records of deposits and receipts between your accounting system and bank statements.
Differences between these types of complementary accounts can expose any errors or
discrepancies in your account or even the errors might even come from other entities.

7.7 Approval Authority

Approval authority is a very important procedures as specific managers are needed to authorize
certain types of transactions. The accounting records and transactions that have been made
must be given to the managers in order for them to review, analyse and approve by the selected
authorities. Moreover, some of the important things that requires an approval such as large
payments and expenses must be done in order to avoid any untrustworthy employees from
making any large fraudulent acts or transactions with the company funds.
8.0 Internal audit

The role of internal audit to provide to the governing body on the adequacy control system and
risk management system within the business process and the operations of the institute.

Next, internal audit also helps to provide an unbiased and objective view. The auditor must
evaluate the operation and report to the highest level in an organization such senior managers.

Other than that, the roles of internal audit are to improve operations. Internal audit can look at
the operations in a department and compare them with the organization’s objectives. Internal
audit can help determine if unit operations are effective and efficient.

After that, internal audit will evaluate and present annual report to the Audit Committee on the
effectiveness of the Risk Management System and the System of Internal Financial Controls.

Besides that, the Head of Internal Audit give an annual opinion to the Audit Committee on the
adequacy and effectiveness of the whole system on and how far the governance body may rely
on the internal control system.

Next, audit can help organization to evaluate risks in addition to the annual risk assessment
conducted by Internal Audit annually. Internal auditors can come to a department and help
assess risks and determine how effectively they are managed

After that the roles is to promote ethics. Internal auditors abide by a Code of Ethics that upholds
the principles of integrity, objectivity, confidentiality and competency, promotes these principles
in all of its projects.

Besides that, internal control can investigate occurrences of fraud, embezzlement, theft, waste
and recommends controls to prevent or detect such occurrences which is happen in an
organization.

9.0 Bank reconciliation

A bank reconciliation helps in maintaining control of cash and matches the balance of
cash in the bank account with the balance of cash in the company’s own records. The
differences in these balances most often occur because of either timing differences or errors.
 Timing differences in cash occur when the company records transactions either before
or after the bank records the same transactions. For example, when a movie theatre pays its
popcorn supplier $2,000 by check, the company records a decrease in cash immediately, but
the bank does not record a decrease in cash until the popcorn supplier later deposits the check.
If the supplier waits a week before depositing the check, the balance of cash in the company’s
records will be reduced one week earlier than will the bank’s.

Errors can be made either by the company or its bank and may be accidental or
intentional. For example, an accidental error might occur if the company mistakenly were to
record a check being written for $117 as $171 in its records. An intentional error is the result of
theft. If the company records a daily deposit of $5,000 but an employee deposits only $500 into
the bank account and pockets the rest, the bank reconciliation will reveal the missing $4,500.

Illustration 9.1: Bank Statement

 Illustration 9.2: Company Records of Cash Activities

Illustration 9.3: Company Records of Cash Activities (concluded)

First Bank’s ending balance of cash ($4,100) differs from Starlight’s ending balance of
cash ($2,880). Reconciling the bank account involves three steps: (1) adjust the bank’s cash
balance, (2) adjust the company’s cash balance and (3) update the company’s Cash account by
recording items identified in step (2).

STEP 1: RECONCILING THE BANK’S CASH BALANCE

Compare cash receipts recorded by Starlight (Illustration 9.2) to those reported as

deposits in the bank statement (Illustration 9.1) reveals that cash sales receipts of $2,200 on
March 31 are not yet reflected in the bank’s balance by the end of March. This is a deposit
outstanding. Comparing the checks written by Starlight to those reported in the bank statement
shows that the bank received checks #293, #294, and #296 by the end of March. This means
checks #295 ($1,200) and #297 ($900) remain outstanding and are not yet reflected in the
bank’s balance.
STEP 2: RECONCILING THE COMPANY’S CASH BALANCE

Six cash transactions recorded by First Bank (Illustration 9.1) are not reported in
Starlight’s cash records (Illustration 9.2) by the end of March:

1. Note received by First Bank on Starlight’s behalf ($3,000 consisting of $2,800 plus
related interest received of $200).
2. Interest earned by Starlight on its bank account ($20).
3. NSF check ($750).
4. Debit card purchase of office equipment by an employee ($200).
5. Electronic funds transfer (EFT) related to the payment of advertising ($400).
6. Service fee ($50).

Comparing Starlight’s record of checks written to those in the bank statement reveals an
error by Starlight. Check #294 for rent was written for $2,900 but Starlight’s accountant recorded
it incorrectly as $2,600. First Bank processed the check for the correct amount of $2,900. This
means Starlight needs to reduce its cash balance by an additional $300 for rent expense.

STEP 3: ADJUSTING THE COMPANY’S CASH ACCOUNT BALANCE

As a final step in the reconciliation process, a company must update the balance in its
Cash account, to adjust for the items used to reconcile the company’s cash balance.

Illustration 9.4: Reconciling the Bank Statement

 We record items that increase the company’s cash with a debit to Cash. We credit Notes
Receivable because the company has collected cash from the note, decreasing that asset
account (-$2,800). We also credit Interest Revenue for interest earned (+$220).

We record items that decrease the company’s cash with a credit to Cash.

Account Receivable is debited in order to increase that asset account (+$750), to show
that the customer who paid with an NSF check still owes the company money. The other debits
are needed to record the items related to cash outflows equipment purchased and expenses
incurred.

In the uncommon event that the two balances at the end of the bank reconciliation
schedule are not equal, management investigates the discrepancy to check for wrongdoing or
errors by company employees or the bank. If the company cannot resolve the discrepancy, it
records the difference to either Miscellaneous Expense or Miscellaneous Revenue, depending
on whether it has a debit or credit balance. For example, suppose a company is unable to
account for $100 of missing cash. In this event, the company records the following transaction,
increasing Miscellaneous Expense and decreasing Cash.