Learn about Internal Controls Best Practices
Internal Control activities are those specific policies and procedures that help ensure management directives are implemented. They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel.
Below are some examples of common control activities.
A variety of controls are performed to check accuracy, completeness, and authorization of transactions, including the following:
- Data entered are subject to edit checks or matching to approved control files.
- Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts.
- Development of new systems and changes to existing ones are controlled, as is access to data, files, and programs.
Equipment, inventories, securities, cash and other assets are secured physically, and periodically counted and compared with amounts shown on control records. Access is restricted to those with authority to handle them.
Established policies, procedures and job descriptions provide guidance and training to ensure consistent performance at a required level of quality.
Segregation of duties means that duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions.
For instance, responsibilities for authorizing transactions, recording them and handling the related asset are divided.
No one person should do all of the following:
- Initiate transaction
- Approve transaction
- Record transaction
- Reconcile balances
- Handle assets
- Review reports
Segregation of duties is critical to effective internal control; it reduces the risk of both erroneous and inappropriate actions. In general, the approval function, the accounting/reconciling function, and the asset custody function should be separated among employees. When these functions cannot be separated, a detailed supervisory review of related activities is required as a compensating control activity. Segregation of duties is a deterrent to fraud because it requires collusion with another person to perpetrate a fraudulent act.
Specific examples of segregation of duties are as follows:
- The person who requisitions the purchase of goods or services should not be the person who approves the purchase.
- The person who approves the purchase of goods or services should not be the person who reconciles the monthly financial reports.
- The person who approves the purchase of goods or services should not be able to obtain custody of checks.
- The person who maintains and reconciles the accounting records should not be able to obtain custody of checks.
- The person who opens the mail and prepares a listing of checks received should not be the person who makes the deposit.
- The person who opens the mail and prepares a listing of checks received should not be the person who maintains the accounts receivable accounting records.
Managers running functions or activities review performance reports. They may relate different sets of data—operating or financial—to one another, together with analyses of the relationships.