This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Management have to design controls to assure that their transactions are done according to the program of real operation, otherwise they will have many risks including improper use of funds and unreliable reporting of financial data and many others
This control is imposed by the government and it includes all the policies and procedures that management has to follow. Also, there must be internal audit which gives recommendations to management about control system.
Objectives of Management Control
Management can have so many mechanisms to assure that their policies and procedures are done in a proper way, and this is done for private and non-private business. It is very important to management to make sure that there will not be conflicts between the controls and its philosophy, and if management gives discretion power, it should have accountability for it. Management also must consider the change in circumstances, which means controls may need to be changed because of external environment. This is one of the internal audit priorities that strengthen management controls.
Management has to document its transactions and properly classify them. There must be authority in doing the transactions for special people; there must be segregation of duties and supervision.
-Having an effective control is the responsibility of the top management which must demonstrate integrity and professionalism and assess risk and suggest procedures to reduce those risks. Also they must involve in decisions for daily operations.
The management's control must be cost effective that means it must not be more than the cost of the risk it avoids.
Types of management controls
There are many types of management controls. First of all, financial reporting must be reliable and done on a timely basis. They must be audited to assure that they are timely and reliable. Also, they must monitor performance to make sure that their activities are achieved and their goals are done. Another thing is physical control which limits access of unauthorized people to certain items. Also, we have accounting control over the procedures of recording events.
Control system can't provide absolute assurance; it only provides reasonable assurance because there are certain risks that management should be aware of. For example, poor implementation of an effective control can be very risky. However, external audit help management in improving its control as in pre-audit.
Effective management control must define plans that can be understood and measured within its available resources (realistic plans) and it must check to see whether they are achieved or not.
Management is also responsible for the financial and non-financial issues. For the financial information, management has the responsibility to show shareholders the result in the accounting period in a reliable way.
In order to assess the effectiveness of control of the organization, the company or the organization must make sure that it clearly understands its mission and vision, and the objectives of the groups in the company and the information that is available to the company that enables it to identify its risks. Also, it is important to the company to understand the policies that affect their work.
Each company must have performance target. In addition, a company must make sure that its integrity and ethical values are practiced.
Another important thing is that good employees deserve to be rewarded fairly according to the objective of the company. Also, they should be in their right position. (There should be a clear definition of authority and responsibility.)
A company should be aware of the necessity of expertise, knowledge, skills, good performance and good communications between its employees.
The last important thing for the company to make sure of is monitoring and learning. For example, there must be monitoring of performance against targets and there must be relevant information for decision making, correcting errors, mistakes and updating the system.
Management Control Standards for Internal Control
Government Accountability Office gives us the standards for management control, it actually gives us the minimum accepted quality of the control and management have the responsibility of doing its best to achieve it.
Management always needs to assess and evaluate its internal control structure to make sure it is well designed and is working effectively.
Also, they must assure that their internal control is appropriately updated to meet any kind of change, and to avoid any fraud or waste of resources or mismanagement and control weaknesses and the most important thing the misuse of assets.
Management must have reliable financial statements and information that complies with laws, rules, and regulations. Management must provide and show annual statements and correct weaknesses in them.
The managers and the employees should have positive attitude toward the system of the company, and this is important for achieving its effectiveness.
They must follow the ethical values descriptions and the appropriate policies of the company and avoid conflict of interest. Employees must act according to due professional care, they must be aware of all the acceptable things. Managers must conduct meetings to inform employees about any problems they face. They should know that management always takes action when there is any problem or violation of the regulation.
One important thing is that management must set realistic goals so that it can prevent unethical behaviors and also so that the employees can achieve them. Also, it must analyze the skills and abilities of its employees through job descriptions and train them and improve their abilities.
The company must evaluate its management's philosophy and operating style. For example, it should know whether it emphasize short-term profits, and goals to determine long-term goals. A second thing to consider is the business risk that the company takes.
The company must delegate authority to employees in the right way and it must approve the changes to its systems and update it. It also should give attention to employees that means they should work in a safe and healthy environment.
There must be a clear and consistent established goal and objective for the departments of the company. After that all risks should be identified by the company and analyzed to be aware of its effects. After that management should try to limit these things in order to have reliable financial statements.
To do this, it is important for the management to specify its mission and relate to legislation, also it must obtain feedback.
Management can easily identify its risk, for example, there is risk for computerized systems or technological advancements. There is risk for political and economic changes; also there is a risk of natural catastrophist, and the change in currency.
Other risks might be lack of qualifications and unavailability of future funds.
Information and communication
In order to be able to run and control the operations, the company must have relevant and reliable information, so it should record all its information and give them to people who need to use them.
Information is gathered from internal and external resources. And the management uses it for the reports and is given to the right people who need them.
Communication is important also, to be effective; you have to have good communication with employees. For example, you may need to inform them about weaknesses in their duties. Also, you may need communication to ease the flow of information between them.
The main purpose of monitoring is to assess the quality of the performance, by using ongoing monitoring activities and separate monitoring activities (audits and records).
It must include procedures and policies to make sure that management knows about the findings and use them for judgment.
Existing control activities
There should be policies, practices, and procedures to make sure that the employees do their activities in a proper way and it is used to identify the risk also. This helps provide reliable information. The need for activity control increases as the size of the company becomes bigger.
The manager is responsible for the developing and implementing of the internal control. One important thing to know is that not all companies have the same internal control. I mean that each company has its own and special internal control and this is the responsibility of the management to achieve its activities.
COSO (the committee of sponsoring organization of the Treadway commission) which consists of:
IIA: Institute of Internal Auditors
IMA: Institute of Management Accountants
AAA: American Accounting Association
FEI: Financial Executives Institute
Defines internal control and its importance in providing Reasonable Assurance of the reliability of information, regarding laws, rules, and regulations.
Its job is to control and direct and organize the activities. By using it, managers can determine well how they can delegate the responsibilities to their employees because internal control consists of many subsystems and all of them work together to achieve its goal.
Management exists to provide the leadership that the company needs to go on. This can happen by using internal control because it has all the procedures and policies to follow.
Management is responsible for the effectiveness of its internal control, its efficiency and its compliance with laws, rules, and regulations, and is responsible for the decision making.
Why do we need internal control?
Internal control is needed because management must perform its goals according to laws, rules and regulations. Also, it is needed to safeguard the company's assets and finally to achieve efficient and effective goals. Internal control is also important for the preparation of audits.
However, internal control has some limitations because it only provides reasonable assurance (not absolute assurance) that means there is no ideal system or it may be very costly. Another problem might be human errors in judgments in the implementation of the control. But reasonable assurance can provide reliable information despite its limitations.
The standards of internal control:
There are certain things that departments of a company must do, the first thing is that the department must document its internal control. The second thing is the transactions; they must be recorded and classified properly. Another important thing is authority and access because only authorized people should access and do their authorized job. Finally there should be supervision over the activities.
Internal control activities that management must consider:
Managers must establish clear lines of authority and responsibility, they must assign the tasks for the employees and write the procedures, they must also review their staff's work and approve it. Moreover, they might need to train employees if necessary and all this must happen in the right time.
Segregation of duties
It is very important specially when using computerized system, that means a person should not be doing two of the following jobs for the same action:
Custody of assets
To have control over revenue collection and expenditures, we need to approve any transaction by authorized people.
Control access to assets and resources
There should also be control over cash and inventory and equipment to make sure that they are only used to achieve management's goal.
Documentation of internal control
To ease reviewing and monitoring internal control system.
To conclude, management control can achieve a lot of goals, for example: we can know whether the work is achieved as it was planned, we can assure that there is no waste of resources or mismanagement ( that is considered unethical) or fraud. Also, we can obtain our information on a timely basis and the most important thing is that we follow the laws, rules and regulations