The internal control structure of a company is made up of the policies and procedures set up to provide reasonable assurance that specific business objectives will be achieved.
In small business organizations, generally, the ‘owner-manager’ controls all the activities of his/her business by personal supervision and direct participation.
For instance; The owner generally purchases required business materials and other assets or business. They oversee the appointment of employees, complete the contract with them through discussion and keep, constant watch over their activities. They sign cheques for payments and since they sign all the cheques, they can easily have an idea what commodities, assets, and services they are signing for.
However, with the expansion of business, the appointment of additional employees and officers is needed, and the scope of the business may also widen.
Given the new business reality, it becomes almost impossible on the part of the ‘owner-manager’ to perform all the activities of the business alone; for this reason, the delegation of authority is inevitable and so overall control tends to decrease. In such circumstances the introduction of internal control becomes essential.
The internal control system is introduced to avoid errors, fraud and for systematic control of business activities; in other words, internal control systems help businesses steer clear of potential risk issues.
There are 3 major types of internal controls:
- Preventive Internal Control – these are put into place to keep errors and irregularities from happening. They range from locking the building before leaving to entering a password before completing a transaction. Other preventative controls include backing up computer data, employee screening and training programs, or obtaining approval before processing a transaction.
- Detective Internal Control – these are designed to find errors after they have occurred. They serve as part of a checks-and-balances system and to determine how efficient policies are. Examples include mystery shopping and taking inventory.
- Corrective Internal Control – these are put into place to correct any errors that were found by the detective internal controls. When an error is made, employees should follow whatever procedures have been put into place to correct the error, such as reporting the problem to a supervisor. Training programs and progressive discipline for errors are other examples of corrective internal controls.
It is important to keep in mind that internal controls, while effective, are not a guarantee that a company’s objectives will be met; internal controls assume employees are honest and that they would not bypass guidelines or alter data to benefit themselves.
Next week we’ll explore the COSO (Committee of Sponsoring Organizations of the Treadway Commission) Integrated Framework for Internal Control and it’s five (5) components.