Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

According to Strauss (2003) internal Controls are to be an integral part of any organization's financial and business policies and procedures. Internal controls consists of all the measures taken by the organization for the purpose of protecting its resources against waste, fraud, and inefficiency; ensuring accuracy and reliability in accounting and operating data; securing compliance with the policies of the organization; and evaluating the level of performance in all organizational units of the organization. Internal controls are simply good business practices. Similarly, Vitez (2010) states that internal controls are reviews, procedures or guidelines to protect and safeguard a company's business and financial Information.


According to Carrington and Chaderton (2004), the objectives of internal controls are:

The safeguarding of assets.-Assets are safeguarded and used for business purposes. Internal controls can safeguard assets by preventing theft, fraud, misuse, or misplacement. One of the most serious breaches of internal controls is employee fraud.

To ensure business information is reliable and accurate - Authorizing, recording, and safeguarding are related to establishing the system of accountability and are aimed at the prevention of errors and irregularities. The reason is that employees attempting to defraud a business will also need to adjust the accounting records in order to hide the fraud.

To ensure that laws and regulations are complied with - Businesses must comply with applicable laws, regulations, and financial reporting standards.

To promote operating efficiency to achieve the desired goals of the business.

Control Environment

The control environment creates the foundation for all other aspects of internal controls on an organization. It ensures that management maintains an ethically sound structure. (Refer to diagram 1 above)

Risk Assessment

This is the in depth analysis of all possible risks the organization may need to take in achieving the firm's relevant objectives. There may be need for mechanisms to identify and deal with special risks associated with changes in the economy. (Refer to diagram 1 above)

Control Activities

These are the strategies and procedures that must be established and applied to diminish all risks within the internal controls. Control activities occur throughout the organization, at all levels and in all functions. (Refer to diagram 1 above)

Information and Communication

As a means for members of the organizations to manage their operations responsibly, information and communication systems need to be enabled internally and externally. (Refer to diagram 1 above)


Internal control systems need to be monitored and modified as necessary by the organization to support changing business conditions. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. (Refer to diagram 1 above)


According to Weygandt, Kieso, and Kimmel (2005), a company follows specific control principles to safeguard its assets and enhance the accuracy and reliability of its accuracy and reliability of its accounting records.

Segregation of Duties

According to Strauss (2003), all work in an organization is divided up so that no one individual has control over every aspect of the operation especially for related functions. It is recommended that the person who keeps the records about an asset should be separate from the person who has physical custody of the asset.

Establishment of responsibility

According to Weygandt, Kieso, & Kimmel (2005), this involves specialization of the workload. Employees should be assigned to specific assignments because control is most effective when only one person is responsible for a given task. Establishing responsibility includes proper authorization and approval of transactions and activities which mean every transaction must be properly authorized if controls are to be satisfactory. The individual or group who can grant either specific or general authorization for transactions should hold a position proportionate to the nature and significance of the transactions.

Documentation Procedures

According to Weygandt, Kieso, and Kimmel (2005), documents provide evidence that transactions and events have occurred. Documents and records should be:

∙Pre-numbered consecutively to facilitate control over missing documents, and as an aid in locating documents anytime.

∙Prepared at the time the transaction takes place. When there is a longer time interval, records are less credible and the chance for misstatement is increased.

∙Constructed in such a way that encourages correct preparation. Providing a degree of internal check within the form or record can do this.

∙Designed for multiple use whenever possible, to minimize the number of different forms.

Independent Internal Verification

According to Carrington and Chaderton (2004), this is the situation where, periodically, on a surprise basis, an independent individual reviews, compares and reconciles date prepared by another employee.

Physical, Mechanical, and Electronic Controls

According to Weygandt, Kieso, and Kimmel, Physical Controls are solely important to safeguard assets such as having locked warehouses for inventory or fencing company property. Mechanical and Electronic controls also help with safeguarding assets. Mechanical controls improve the accuracy and reliability of accounting information such as cash registers or time clocks which employees use to show when they arrive. Electronic controls may be in the form of electronic burglar alarm systems and television cameras to monitor thefts.

Other Controls

According to Carrington and Chaderton (2004), other controls are very general and include:

∙Rotation of employees to different departments or areas of work

∙Requirement of employees to take mandatory annual vacations.

∙Requirement of employees to obtain fidelity insurance.

∙Recruitment of competent personnel.


The development of internal control objectives incorporates the scope that covers the following three functional considerations:


Operational audits review the operation of your business in order to identify potential improvements in efficiency and effectiveness, control procedures or other specialist areas. 


A compliance audit is a broad review of an organization's adherence to all corporate legal and regulatory responsibilities.


This is the review of the financial statements of a company, resulting in the publication of an independent opinion on whether those financial statements are relevant, accurate, complete, and fairly presented on a timely basis.


Internal Auditor

Internal auditing is an activity designed to improve an organization's operations. It helps an organization accomplish its objectives by bringing a more systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Professionals called internal auditors are employed by organizations to perform the internal auditing activity. Internal auditors handle financial, compliance and operational audits. Internal auditors are appointed by and report to the management of the organization. These auditors perform audits annually.

External Auditor

An external auditor is a professional personnel who performs an audit on the financial statements of a company, government, individual, or any other legal entity or organization. External auditors are appointed by and report to the shareholders of an organization. According to Teck, Etal (2007), external auditors must hold the professional qualifications of Certified Public Accountants (CPA) or Chartered Accountants (CA). Audits are performed by these auditors at the end of each financial year.

Audit Committee

The audit committee's role is to ensure that management has developed and followed an adequate system of internal control.


According to Carrington and Chaderton (2004), the limitations of internal controls are as follows:

The need to balance the cost of the control with its benefits.

The potential for human error.

The possibility fraudulent collusion designed to get round controls that segregate duties.

The abuse of authority and override of controls, such as ordering personal goods through the firm. It is very easy for directors and managers of organizations to instruct staff to bypass normal procedures such as the requirement for authorization for payments.

The obsolescence of controls - becoming outdated.

Generally, a firm should select controls where the benefits of use exceed the costs of implementation and operation.