Control Systems or Internal Controls - Explained
What are Internal Controls?
Written by Jason Gordon
Updated at June 26th, 2021
- Marketing, Advertising, Sales & PR
- Accounting, Taxation, and Reporting
- Professionalism & Career Development
-
Law, Transactions, & Risk Management
Government, Legal System, Administrative Law, & Constitutional Law Legal Disputes - Civil & Criminal Law Agency Law HR, Employment, Labor, & Discrimination Business Entities, Corporate Governance & Ownership Business Transactions, Antitrust, & Securities Law Real Estate, Personal, & Intellectual Property Commercial Law: Contract, Payments, Security Interests, & Bankruptcy Consumer Protection Insurance & Risk Management Immigration Law Environmental Protection Law Inheritance, Estates, and Trusts
- Business Management & Operations
- Economics, Finance, & Analytics
- Courses
Table of Contents
What are Internal Controls?Types of Internal Control SystemsWhat are the Limitations of the internal controls?What are the Objectives of internal controls? What are the Major components of the internal control system?Academic Research on Control System (Internal Controls)What are Internal Controls?
Internal control system refers to the processes set by the management of an entity to control and ensure the effective operation of the organization. The system is instituted and managed by the company`s management, the board of trustees, and other personnel in the organization to create assurance regarding the achievement of the following objectives:
- Financial reporting reliability
- Efficiency and effectiveness in the company operation
- Compliance with the instituted laws and regulations.
Back to: OPERATIONS, LOGISTICS, & SUPPLY CHAIN MANAGEMENT
Types of Internal Control Systems
There are three main types of internal control which include; detective, corrective and preventive controls. Detective controls are the internal controls that are designed to detect irregularities and errors that may occur in the system. Secondly, corrective controls are designed to correct the irregularities and errors that have been detected. Lastly, preventive controls are designed to prevent the occurrence of errors and irregularities.
What are the Limitations of the internal controls?
Regardless of how well the internal control systems are developed, they only present reasonable assurance as to whether the set objectives have been achieved. The limitations of the internal control are based on inherent factors which include:
- Judgment- the effectiveness of the internal control system depends on the decisions that are controlled by the human judgment. Some decisions are made under pressure and based on the information at hand.
- Breakdowns - internal control systems are subjects to breakdowns. The employees in the organization may sometimes misinterpret the instruction or make mistakes thus affects the effectiveness of the system. Human errors may also affect the applicability of the system, especially in the complex technology environment.
- Management override - the personnel at the higher level of the organization structure may override the policies set for personal gain. However, this should not be confused with management intervention whereby the management can intervene by avoiding some organization policies and procedures for the benefit of the company.
- Collusion- control system can be subject to employee collusion. Employees may act collectively to change or derail the financial data or other management information in a way that cannot be detected by the system.
What are the Objectives of internal controls?
The objectives of the internal control system aimed at minimizing the potential waste, unauthorized access, loss, or misappropriation. For the objectives of an internal control system to be effective, its compliance must be observable and measurable. The internal control system is evaluated by the internal audit that assesses the ability control processes to achieve the predetermined objectives. Some of the objectives of internal control include completeness, authorization, accuracy, physical security, and safeguard, validity, segregation of duties and handling of errors.
Authorization- this objective ensures that all transactions in the organization are approved by authorized and responsible personnel in compliance with general or specific authority before they are recorded in the financial statements.
Completeness - the main aim of this objective is to ensure that all valid transactions are captured and recorded in the financial records.
Accuracy - the key aim of this objective is to ensure that all the transactions are accurate and reliable to the source data and the financial information is recorded in a timely manner.
Validity - this objective seeks to ensure that all the transactions recorded in the financial books are fairly presented and reflect the economic value of the activity that has occurred. It ensures that economic transactions are recorded according to the provided laws and guidelines and executed according to the authorization by the management.
Physical security and safeguards - this objective aims to control physical access to information and assets of the organization Handling of errors- this objective seeks to ensure that errors in the financial data and other organization`s information are detected at every stage and develop mechanisms to correct the error.
Segregation of responsibilities - this objective ensures that specific duties are assigned to particular individuals in a manner that no individual control or has more than one duty. For examples, it seeks to ensure that no individual is allowed to approve and record the financial transactions.
What are the Major components of the internal control system?
Control environment this refers to the factors that influence the control system and cognitive of the employees. This comprises of seven factors which include: integrity and ethical values, human resource practice and policies, commitment to competence, assignment of responsibility and authority, operating style and management philosophy, organizational structure and lastly the participation of board of directors or audit committees.
Risk assessment- this includes the evaluation of the internal risks that may affect the effectiveness and of the organization record, process, analyze and report financial data. The risk assessment includes the evaluating changes in the: changes in the operating environment, personnel, information system, technology, rapid growth, new activities, lines or products foreign operation, corporate restructuring, and accounting pronouncement.
Control activities- this evaluate various procedures and policies that help in ensuring that necessary actions are taken to address the factors that hinder the achievement of the organization`s objectives. These include the review of performance, processing of information physical security and controls and lastly segregation of duties.
Information and communication- this is concerned with methods that are established to process, record, analyze, and report financial transactions. It also ensures that the accountability of liabilities and assets are maintained. It aims to accomplish the following: determine and record all financial information, present the financial information in a timely basis, appropriate measurement of value, ensuring that financial statements are recording within the appropriate time, ensuring that financial statement is properly disclosed and presented and lastly present the duties and responsibility of each employee.
Monitoring- these include the assessment of the performance of quality control over time.
Academic Research on Control System (Internal Controls)
- Strategic control systems and relative R&D investment in large multiproduct firms, Hoskisson, R. E., & Hitt, M. A. (1988). Strategic management journal, 9(6), 605-621. This paper presents that strict financial controls that have large diversified M-form in the financial systems result in low risks, thus minimize the cost of research and development. The author further presents that increasing the level of diversification needs the organization to install different internal control systems that have a significant impact on the research and development. It was revealed that less diversified firms invest heavily in research and development compared to more diversified firms.
- The disclosure of material weaknesses in internal control after the Sarbanes-Oxley Act, Ge, W., & McVay, S. (2005). Accounting Horizons, 19(3), 137-158. This paper emphasis on data derived from 261 companies that have detected at least one drawbacks of the internal control. The study found out that poor internal control is associated with a lack of commitment of resources towards accounting control. The drawbacks in the internal control system are associated with a lack of segregation of duties, deficient policies regarding the recognition of the revenue, deficiency in the period end reporting and inappropriate accounting policies.
- The discovery and reporting of internal control deficiencies prior to SOX-mandated audits, Ashbaugh-Skaife, H., Collins, D. W., & Kinney Jr, W. R. (2007). Journal of Accounting and Economics, 44(1-2), 166-192. This paper investigates the economic factors that expose the company to the failures of internal control and discuss the incentives of management to detect and report control system. The study discovered that companies report internal control deficiency to have high accounting risks, frequent organizational changes, more auditor turnover and few resources allocated to internal control. With regard to incentives, the study discovered that companies that have ICD have more previous SEC enforcement and financial restatement.
- Planar reorientation maneuvers of space multibody systems using internal controls, Reyhanoglu, M., & McClamroch, N. H. (1992). Journal of guidance, control, and dynamics, 15(6), 1475-1480. This paper examines the maneuvering strategy for linkage of planar tight bodies in space. The study depicts that large-angle maneuvers can be designed to accomplish an arbitrary reorientation of the multi-body system concerning an inertial frame.
- The impact of enterprise resource planning (ERP) systems on the effectiveness of internal controls over financial reporting, Morris, J. J. (2011). Journal of Information Systems, 25(1), 129-157. This paper examines the implications of an enterprise resource planning system on the efficiency and effectiveness of the internal control system with regard to financial reporting. According to the author, there is increased use of software in the system of internal control, and this gives the vendors of enterprise resource planning system an opportunity to take advantage of Sarbanes-Oxley (SOX) legislation. The paper presents that the built-in controls and other features present in the ERP help the companies to improve their internal control regarding the financial reporting as required by the SOX.
- Internal Controls After Sarbanes-Oxley: Revisiting Corporate Law's Duty of Care as Responsibility for Systems, Langevoort, D. C. (2005). J. Corp. L., 31, 949. This article discusses the effectiveness of the internal control after the introduction of Sarbanes-Oxley (SOX). This study also tends to explain the controversy that occurs in the section 404 of the Sarbanes-Oxley (SOX). The authors present that Sarbanes-Oxley (SOX) has both benefits and cost to the implementation of internal control. It creates indeterminacy in the control system that has led a variety of groups that benefit from an inflated construction of the liability threat such as IT professionals, lawyers, accountants, consultants to try to capture the interpretation of the requirement in a self-serving fashion.
- Internal capital market controls and financial performance in multidivisional firms, Hill, C. W. (1988). The Journal of Industrial Economics, 67-83. This paper examines the benefits the M-form firms derive from the internal control system. According to the author, individuals within the M-form companies are likely to realize the benefits that arise for the relationship between sub-unit of the firms and internal capital markets.
- The market for corporate control and firm innovation, Hitt, M. A., Hoskisson, R. E., Johnson, R. A., & Moesel, D. D. (1996). Academy of management journal, 39(5), 1084-1119. This study examines a combined hypothetical model that describes how approaches for taking part in the market for corporate control (acquisitions and divestitures) influence internal control mechanisms and, also its impact on internal and external innovation. The study concludes that participating in the market for corporate control significantly affects the process and the design of innovation, the framework in which innovation is framed, and the control mechanisms applied.
- Internal Control Systems: Effectiveness of Internal Audit in Risk Management at Public Sector Enterprises., Vijayakumar, A. N., & Nagaraja, N. (2012). BVIMR Management Edge, 5(1). This article examines and discusses the effectiveness of the internal control audit in risk management in the public sectors entities. According to the authors, public entities are concerned with providing services to the members of the public for social interest rather than for commercial motive. However, they face a high level of internal and external risks when they provide their services. In this regard, internal audit plays an important role in detecting and preventing some risks in the public entities. An internal audit is an effective tool used to control operational, financial, legal and regulatory risks.
- The composition of boards of directors and strategic control: Effects on corporate strategy, Baysinger, B., & Hoskisson, R. E. (1990). Academy of Management review, 15(1), 72-87. This paper examines the impacts of strategic control on corporate strategy. According to the author, board of directors, especially in the large companies, provides the guidelines that govern the management equity capital and employment contracts. In this regard, the paper presents that board of directors play an important strategic role in controlling the activities of the company.
- Accounting control systems and business strategy: an empirical analysis, Simons, R. (1987). Accounting, organizations and society, 12(4), 357-374. This paper seeks to test the hypothesis by the accounting theoretician who argues that control systems should be revised in accordance with the business strategy of a company. The study further examines the relationship between business strategy, accounting control systems, and performance of the firm.