2. meaning
• Internal control, as defined in accounting and auditing, is
a process for assuring achievement of an organization's
objectives in operational effectiveness and efficiency,
reliable financial reporting, and compliance with laws,
regulations and policies.
• It is a means by which an organization's resources are
directed, monitored, and measured. It plays an important
role in detecting and preventing fraud and protecting the
organization's resources, both physical (e.g., machinery
and property) and intangible (e.g., reputation or
intellectual property such as trademarks).
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
5. Steps to evaluate internal control
system
Organize the process
Segment the company
Develop a schedule for vulnerability
Conduct vulnerability assessments
Establish plans for subsequent actions
Conduct internal reviews
Take corrective action
Prepare summary reports on internal control
Periodical test internal controls of high risk areasMANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
6. Objectives of internal control
• To evaluate the efficiency of performance in the various of
the business.
• To ensure orderly, efficient and economic conduct of the
business
• To see that access to and use of assets are made only with
proper authorization.
• To safe guard the assets of the organization by preventing
frauds wastes and inefficiency
• To ensure that there is periodical verification and
comparison of assets in existence with those of accounting
records and appropriate action taken.
• To ensure that transactions are recorded in the proper
books of accounts regularly, correctly and systematically.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
7. Types of internal controls
• A Vulnerability is a defect in a process, system, application or other asset that creates the potential
for loss or harm. Vulnerabilities are measured primarily through the identification of control
deficiencies (defects or weaknesses) to determine a system's or process' propensity for fIn terms of
taxonomy, there are three, commonly accepted forms of Controls:
• Administrative - These are the laws, regulations, policies, practices and guidelines that govern the
overall requirements and controls for an Information Security or other operational risk program.
For example, a law or regulation may require merchants and financial institutions to protect and
implement controls for customer account data to prevent identity theft. The business, in order to
comply with the law or regulation, may adopt policies and procedures laying out the internal
requirements for protecting this data, which requirements are a form of control.
• Logical - These are the virtual, application and technical controls (systems and software), such as
firewalls, anti virus software, encryption and maker/checker application routines.
• Physical - Whereas a firewall provides a "logical" key to obtain access to a network, a "physical" key
to a door can be used to gain access to an office space or storage room. Other examples of physical
controls are video surveillance systems, gates and barricades, the use of guards or other personnel
to govern access to an office, and remote backup facilities
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
8. Types of internal controls
Detective
preventive
corrective
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
9. • All three of these elements are critical to the creation of an effective control
environment. However, these elements do not provide clear guidance on
measuring the degree to which the controls mitigate the risk. Instead, the Simple
Risk Model utilizes an alternative set of elements that provide a better means of
weighting the level of mitigation:
• Preventive - These are controls that prevent the loss or harm from occurring. For
example, a control that enforces segregation of responsibilities (one person can
submit a payment request, but a second person must authorize it), minimizes the
chance an employee can issue fraudulent payments.
• Detective - These controls monitor activity to identify instances where practices or
procedures were not followed. For example, a business might reconcile the
general ledger or review payment request audit logs to identify fraudulent
payments.
• Corrective - Corrective controls restore the system or process back to the state
prior to a harmful event. For example, a business may implement a full restoration
of a system from backup tapes after evidence is found that someone has
improperly altered the payment data.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
10. Detective Controls
• Detective Controls are designed to find errors or irregularities after
they have occurred. Examples of detective controls are:
• Reviews of Performance: Management compares information
about current performance to budgets, forecasts, prior periods, or
other benchmarks to measure the extent to which goals and
objectives are being achieved and to identify unexpected results or
unusual conditions that require follow-up.
• Reconciliations: An employee relates different sets of data to one
another, identifies and investigates differences, and takes corrective
action, when necessary.
• Physical Inventories
• Audits
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
11. Preventive Controls
• Preventive Controls are designed to discourage errors or irregularities from
occurring. They are proactive controls that help to ensure departmental objectives
are being met. Examples of preventive controls are:
• Segregation of Duties: Duties are segregated among different people to
reduce the risk of error or inappropriate action. Normally, responsibilities for
authorizing transactions (approval), recording transactions (accounting) and
handling the related asset (custody) are divided.
• Approvals, Authorizations, and Verifications: Management authorizes employees
to perform certain activities and to execute certain transactions within limited
parameters. In addition, management specifies those activities or transactions that
need supervisory approval before they are performed or executed by employees.
A supervisor’s approval (manual or electronic) implies that he or she has verified
and validated that the activity or transaction conforms to established policies and
procedures.
• Security of Assets (Preventive and Detective): Access to equipment, inventories,
securities, cash and other assets is restricted; assets are periodically counted and
compared to amounts shown on control records.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
12. Corrective controls
Corrective — Coupled with preventive and detective controls,
corrective controls help mitigate damage once a risk has
materialized. An organization can document its policies and
procedures, enforcing them by means of warnings and
employee termination when appropriate. When
managers wisely back up data they can restore a functioning
system in the event of a crash. If a disaster strikes, business
recovery can take place when an effective continuity and
disaster management plan is in place and followed.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
13. limitations
Limitations of Internal Controls:
• No matter how well internal controls are designed, they can only provide reasonable
assurance that objectives have been achieved. Some limitations are inherent in all internal
control systems. These include:
• Judgment: The effectiveness of controls will be limited by decisions made with human
judgment under pressures to conduct business based on the information at hand.
• Breakdowns: Even well designed internal controls can break down. Employees sometimes
misunderstand instructions or simply make mistakes. Errors may also result from new
technology and the complexity of computerized information systems.
• Management Override: High level personnel may be able to override prescribed policies and
procedures for personal gain or advantage. This should not be confused with management
intervention, which represents management actions to depart from prescribed policies and
procedures for legitimate purposes.
• Collusion: Control systems can be circumvented by employee collusion. Individuals acting
collectively can alter financial data or other management information in a manner that
cannot be identified by control systems.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
14. Internal check
• Internal check is the process of
arrangement of duties of various staffs of
a business in such way that work is
automatically checked by the next staff
while performing their duties. Frauds
which are committed by a staff are
automatically detected and corrected by
the another staff.
• A division of duties that does
not permit one individual to carry out
all stages of a transaction. An internal
check is intended to prevent fraud and
minimize errors.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
15. Objectives Of Internal Check
Objectives Of Internal Check
Following are the objectives of internal check system:
• 1. To eliminate the frauds and errors which may be committed by the staffs.
• 2. To prevent misappropriation of cash or stock.
• 3. To ensure the reliability of information produced by the accounting system.
• 4. To detect errors and frauds promptly which helps to minimize their effects in
long term.
• 5. To exercise moral pressure over the staffs.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
16. Essential Characteristics Of Internal Check System
Essential Characteristics Of Internal Check System
Certain qualities are needed to make an internal check system more effective and efficient. Such qualities
are known as features of internal check system which are as follows:
• 1. Division Of Work
Before applying test check it is necessary to divide the entire tasks among the staffs in such a way so that
work can be checked automatically by the another staff. Like, when staff takes the responsibility of
purchase, then another staff should make its payment.
• 2. Provision Of Check
An organization should set up such provision, so that work can be checked by the another staff. An officer
can check the work of one staff by transferring to the staffs and again.
• 3. Use Of Devices
In this modern world, various devices can be used to do various function like use of time record machine,
wage determination machine etc. An organization should use such machines which help to make work of
internal check easier.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
17. • 4. Self-balancing System
An organization can use self-balancing ledger accounts which helps to make the work of internal
check easier. Its effectiveness depends on its management.
• 5. Change In Work
An organization needs to transfer the staffs from one place to another place so that the work of
previous staffs can be checked by the later staff which helps to make the internal check system
effective.
• 6. Specialization
Every staff may not have such specialized knowledge to maintain accounts properly. So, an
organization should give training to increase their skill so that internal check can be made more
effective.
• 7. Control
There is more chance of frauds where there is direct contact of consumer or public. So, a manager
can keep eyes in those works so that internal check system can be made more effectively.
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
18. Internal Check as regards to Cash
• Receipts against cash
• Rough Cash Book
• Remittances – opened before officer
• Automatic tills or cash register
• Deposit all cash receipt every day
• BRS prepared regularly
• Issue of Cheque – authorized by the
officer
• Independent check of Castings of Cash
Book
• Preparation of Wage sheet
• Payment by cheques except petty
• Collection by travellers
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
19. Internal Check as regard to
PURCHASES
• Orders – 2 copies (Supplier &
Reference)
• On Receipt – Goods Receipt Book
• Invoice – Goods Receipt Book
Verified
• Check Calculations in Invoice
• Invoice Copy – Person in charge
• Clerk – Purchases Book
• Initial the invoice copy
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
20. Duty of an Auditor – CREDIT
PURCHASES
• In clients name
• Authorize person in charge
• Date of Invoice – Period under review
• Review of Verification
• Goods on Invoice – Capital
• Test Check – Purchases Book
• Expenses Debited to Purchases
Account
• Compare the Books
• Stamp, Check Mark, Initial
• Duplicates
• Credit Conformation Statement
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
21. Internal Check as Regard to WAGES
• Check inclusion for Dummy Workers
• Errors or Fraud – piece work records
• Clerical Works
• Dispensed Employees – Retained
• Over Stating – Rates
• Over Stating Hours/days of Work
• Conversion of unpaid wages
• Over footing of pay roll sheets
• Understatement of deduction
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
22. Duties of an Auditor - WAGES
• Check Loop hole
• Wage Sheet or Wage Book
• Calculation are Correct
• Wages payable, paid & unpaid
• Dummy Workers
• Initialed
• ID verification
• Authorized Number of workers
• Wage sheet – ESI Card, PF Account
• Total wages – estimates of costing department
• Duly signed - comparison
• Leave register
• Wage payment vs. advance payment
• Employment of Casual Labourer
• Test Check
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
23. Internal Check as regard to SALES
• Order – Order Received Book
(Name, Particulars of Goods, Date
& Mode of Transport)
• Copy – Dispatch Department
• Clerk compares goods in order
packed by DD
• Rate of charge – Responsible
officer
• Preparation of Invoice – 2/3
copies
• One copy – clerk – sales book
• One copy – gatekeeper – goods
outward book
• Traveler Sales Man – 3 copies
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in
24. Duties of an Auditor – CREDIT SALES
• Review Internal Check System in Place
• Invoice – Sales Book Compare
• Order Received Book, Goods Outward Book, Gatekeeper’s
Outward Book, Delivery Note etc
• Sale of Asset – treated as a ordinary sale
• Statement of accounts from client
• Check sales during last days and weeks
• Cancelled invoice – duplicates
• Sales Tax & Insurance etc debited & credited into
appropriate accounts
• Sales to sister concerns and associates
• Different trade discounts - examined
MANU H NATESH MBA,M.Com. BMSEAC
manu@bmsec.ac.in