“Internal (Management) Control is the set of accounting & administrative controls and practices that help ensure that approved and appropriate decisions are made in an organization” * in other words, to make sure that the right thing happens and the wrong thing does not happen, either purposely or accidentally
Why Internal Control? 1. To safeguard the assets against waste, loss & misuse 2. Check the accuracy and reliability of accounting data 3. Promote operational efficiency 4. Encourage adherence to managerial policies 5. Enable management to ascertain that expenditures are properly authorized and made in accordance with appropriate laws and regulations
Controls
Design controls to be: Preventive Detective Corrective
It is best to install a series of preventive, detective and corrective controls (both administrative & accounting) to prevent theft and poor management, by removing the opportunity or temptation to steal or engage in lax practices (plus the threat of detection/punishment)
Environment & Risk
Management should promote a good internal control environment – a “commitment to competence”
A cost-benefit analysis and assessment of risk should be performed before installing a control.
Characteristics of Effective Internal/ Management Control 1. Honest, Capable Employees* 2. Clearly-Defined Formal Plan of Operation* 3. Appropriate System of Authorizations 4. Separation/Segregation of Duties 5. Sound Accounting Practices 6. Adequate Safeguards Over Access To & Use of Assets & Records 7. Independent Checks on Performance (Auditors)
EDP/Computer Auditing
In addition to the controls needed for manual systems, additional controls must be in place and working whenever computers are used: * General Controls: organizational controls, systems development controls, controls over program changes, operating systems software & hardware