8.2 Define and Explain Internal Controls and Their Purpose within an Organization

Internal controls are the systems used by an organization to manage risk and diminish the occurrence of fraud. The internal control structure is made up of the control environment, the accounting system, and procedures called control activities. Several years ago, the Committee of Sponsoring Organizations (COSO), which is an independent, private-sector group whose five sponsoring organizations periodically identify and address specific accounting issues or projects, convened to address the issue of internal control deficiencies in the operations and accounting systems of organizations. They subsequently published a report that is known as COSO’s Internal Control-Integrated Framework. The five components that they determined were necessary in an effective internal control system make up the components in the internal controls triangle shown in Figure 8.3.

Here we address some of the practical aspects of internal control systems. The internal control system consists of the formal policies and procedures that do the following:

  • ensure assets are properly used
  • ensure that the accounting system is functioning properly
  • monitor operations of the organization to ensure maximum efficiency
  • ensure that assets are kept secure
  • ensure that employees are in compliance with corporate policies

A properly designed and functioning internal control system will not eliminate the risk of loss, but it will reduce the risk.

Different organizations face different types of risk, but when internal control systems are lacking, the opportunity arises for fraud, misuse of the organization’s assets, and employee or workplace corruption. Part of an accountant’s function is to understand and assist in maintaining the internal control in the organization.

Link to Learning

See the Institute of Internal Auditors website to learn more about many of the professional functions of the internal auditor.

Internal control keeps the assets of a company safe and keeps the company from violating any laws, while fairly recording the financial activity of the company in the accounting records. Proper accounting records are used to create the financial statements that the owners use to evaluate the operations of a company, including all company and employee activities. Internal controls are more than just reviews of how items are recorded in the company’s accounting records; they also include comparing the accounting records to the actual operations of the company.

For example, a movie theater earns most of its profits from the sale of popcorn and soda at the concession stand. The prices of the items sold at the concession stand are typically high, even though the costs of popcorn and soda are low. Internal controls allow the owners to ensure that their employees do not give away the profits by giving away sodas and popcorn.

If you were to go to the concession stand and ask for a cup of water, typically, the employee would give you a clear, small plastic cup called a courtesy cup. This internal control, the small plastic cup for nonpaying customers, helps align the accounting system and the theater’s operations. A movie theater does not use a system to directly account for the sale of popcorn, soda, or ice used. Instead, it accounts for the containers. A point-of-sale system compares the number of soda cups used in a shift to the number of sales recorded in the system to ensure that those numbers match. The same process accounts for popcorn buckets and other containers. Providing a courtesy cup ensures that customers drinking free water do not use the soda cups that would require a corresponding sale to appear in the point-of-sale system. The cost of the popcorn, soda, and ice will be recorded in the accounting system as an inventory item, but the internal control is the comparison of the recorded sales to the number of containers used. This is just one type of internal control. As we discuss the internal controls, we see that the internal controls are used both in accounting, to provide information for management to properly evaluate the operations of the company, and in business operations, to reduce fraud.

It should be clear how important internal control is to all businesses, regardless of size. An effective internal control system allows a business to monitor its employees, but it also helps a company protect sensitive customer data. Consider the 2017 massive data breach at Equifax that compromised data of over 143 million people. With proper internal controls functioning as intended, there would have been protective measures to ensure that no unauthorized parties had access to the data. Not only would internal controls prevent outside access to the data, but proper internal controls would protect the data from corruption, damage, or misuse.

Bank Fraud in Enid, Oklahoma

The retired mayor of Enid, Oklahoma, Ernst Currier, had a job as a loan officer and then as a senior vice president at Security National Bank. In his bank job, he allegedly opened 61 fraudulent loans. He used the identities of at least nine real people as well as eight fictitious people and stole about $6.2 million. 4 He was sentenced to 13 years in prison on 33 felony counts.

Currier was able to circumvent one of the most important internal controls: segregation of duties. The American Institute of Certified Public Accountants (AICPA) states that segregation of duties “is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department. Without this separation in key processes, fraud and error risks are far less manageable.” 5 Currier used local residents’ identities and created false documents to open loans for millions of dollars and then collect the funds himself, without any oversight by any other employee. Creating these loans allowed him to walk up to the bank vault and take cash out of the bank without anyone questioning him. There was no segregation of duties for opening loans, or if there was, he was able to easily override those internal controls.

How could internal controls have helped prevent Currier’s bank fraud in Enid, Oklahoma?

Simply having someone else confirm the existence of the borrower and make the payment for the loan directly to the borrower would have saved this small bank millions of dollars.
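The control described in this answer can be written as a check over loan records. The following is an added example, not part of the original text; the record fields, staff IDs, and sample loans are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LoanRecord:
    # Hypothetical record layout; a real loan system will use other field names.
    loan_id: str
    borrower: str
    originated_by: str                   # staff ID of the officer who opened the loan
    borrower_verified_by: Optional[str]  # staff ID of whoever confirmed the borrower exists
    disbursed_by: str                    # staff ID of whoever released the funds
    payee: str                           # party that actually received the money


def same_person(a: str, b: str) -> bool:
    """Compare identifiers while ignoring case and surrounding whitespace."""
    return a.strip().casefold() == b.strip().casefold()


def sod_findings(loan: LoanRecord) -> list:
    """Return the segregation-of-duties problems found on a single loan."""
    findings = []
    # Someone other than the originator must confirm that the borrower exists.
    if loan.borrower_verified_by is None:
        findings.append("borrower_not_verified")
    elif same_person(loan.borrower_verified_by, loan.originated_by):
        findings.append("originator_verified_own_borrower")
    # The person who opened the loan must not be the one who releases the money.
    if same_person(loan.disbursed_by, loan.originated_by):
        findings.append("originator_disbursed_funds")
    # Funds must be paid directly to the borrower, not to a third party.
    if not same_person(loan.payee, loan.borrower):
        findings.append("payee_is_not_borrower")
    return findings


def review(loans) -> dict:
    """Map loan_id -> findings for every loan that has at least one finding."""
    flagged = {}
    for loan in loans:
        problems = sod_findings(loan)
        if problems:
            flagged[loan.loan_id] = problems
    return flagged


def exposure_by_originator(loans) -> Counter:
    """Count flagged loans per originating officer to show concentration."""
    counts = Counter()
    for loan in loans:
        if sod_findings(loan):
            counts[loan.originated_by.strip().casefold()] += 1
    return counts


# Constructed sample data; the names and IDs are illustrative only.
SAMPLE_LOANS = [
    LoanRecord("L-1001", "A. Rivera", "officer_a", "officer_b", "teller_c", "A. Rivera"),
    LoanRecord("L-1002", "B. Chen", "officer_d", None, "officer_d", "officer_d"),
    LoanRecord("L-1003", "C. Okafor", "officer_d", "Officer_D ", "teller_c", "C. Okafor"),
    LoanRecord("L-1004", "D. Patel", "officer_a", "officer_b", "teller_c", "d. patel"),
]

if __name__ == "__main__":
    for loan_id, problems in review(SAMPLE_LOANS).items():
        print(loan_id, ", ".join(problems))
    print(dict(exposure_by_originator(SAMPLE_LOANS)))
```

A check like this is detective rather than preventive: it surfaces loans where one person held every step, which is the pattern the case describes.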

Consider a bank that has to track deposits for thousands of customers. If a fire destroys the building housing the bank’s servers, how can the bank find the balances of each customer? Typically, organizations such as banks mirror their servers at several locations around the world as an internal control. The bank might have a main server in Tennessee but also mirror all data in real time to identical servers in Arizona, Montana, and even offshore in Iceland. With multiple copies of a server at multiple locations across the country, or even the world, in the event of disaster to one server, a backup server can take control of operations, protecting customer data and avoiding any service interruptions.

Internal controls are the basic components of an internal control system, the sum of all internal controls and policies within an organization that protect assets and data. A properly designed system of internal controls aims to ensure the integrity of assets, allows for reliable accounting information and financial reporting, enhances efficiency within an organization, and provides guidelines and possible consequences for dealing with breaches. Internal controls drive many decisions and overall operational procedures within an organization. A properly designed internal control system will not prevent all loss from occurring, but it will significantly reduce the risk of loss and increase the chance of identifying the responsible party.

Continuing Application

Fraud controls for grocery stores.

All businesses are concerned with internal controls over reporting and assets. For the grocery industry this concern is even greater, because profit margins on items are so small that any lost opportunity hurts profitability. How can an individual grocery store develop effective controls?

Consider the two biggest items that a grocery store needs to control: food (inventory) and cash. Inventory controls are set up to stop shrinkage (theft). While it is not profitable for each aisle to be patrolled by a security guard, cameras throughout the store linked to a central location allow security staff to observe customers. More controls are placed on cash registers to prevent employees from stealing cash. Cameras at each register, cash counts at each shift change, and/or a supervisor who observes cashiers are some potential internal control methods. Grocery stores invest more resources in controlling cash because they have determined it to be the greatest opportunity for fraudulent activity.

The Role of Internal Controls

The accounting system is the backbone of any business entity, whether it is profit based or not. It is the responsibility of management to link the accounting system with other functional areas of the business and ensure that there is communication among employees, managers, customers, suppliers, and all other internal and external users of financial information. With a proper understanding of internal controls, management can design an internal control system that promotes a positive business environment that can most effectively serve its customers.

For example, a customer enters a retail store to purchase a pair of jeans. As the cashier enters the jeans into the point-of-sale system, the following events occur internally:

  • A sale is recorded in the company’s journal, which increases revenue on the income statement. If the transaction occurred by credit card, the bank typically transfers the funds into the store’s bank account in a timely manner.
  • The pair of jeans is removed from the inventory of the store where the purchase was made.
  • A new pair of jeans is ordered from the distribution center to replace what was purchased from the store’s inventory.
  • The distribution center orders a new pair of jeans from the factory to replace its inventory.
  • Marketing professionals can monitor over time the trend and volume of jeans sold in a specific size. If an increase or decrease in sales volume of a specific size is noted, store inventory levels can be adjusted.
  • The company can see in real time the exact inventory levels of all products in all stores at all times, and this can ensure the best customer access to products.

Because many systems are linked through technology that drives decisions made by many stakeholders inside and outside of the organization, internal controls are needed to protect the integrity and ensure the flow of information. An internal control system also assists all stakeholders of an organization to develop an understanding of the organization and provide assurance that all assets are being used efficiently and accurately.

Environment Leading to the Sarbanes-Oxley Act

Internal controls have grown in their importance as a component of most business decisions. This importance has grown as many company structures have grown in complexity. Despite their importance, not all companies have given maintenance of controls top priority. Additionally, many small businesses do not have adequate understanding of internal controls and therefore use inferior internal control systems. Many large companies have nonformalized processes, which can lead to systems that are not as efficient as they could be. The failure of the SCICAP Credit Union discussed earlier is a direct result of a small financial institution having a substandard internal control system leading to employee theft. One of the largest corporate failures of all time was Enron, and the failure can be directly attributed to poor internal controls.

Enron was one of the largest energy companies in the world in the late twentieth century. However, a corrupt management attempted to hide weak financial performance by manipulating revenue recognition, valuation of assets on the balance sheet, and other financial reporting disclosures so that the company appeared to have significant growth. When this practice was uncovered, the owners of Enron stock lost $40 billion as the stock price dropped from $91 per share to less than $1 per share, as shown in Figure 8.4. 6 This failure could have been prevented had proper internal controls been in place.

For example, Enron and its accounting firm, Arthur Andersen, did not maintain an adequate degree of independence. Arthur Andersen provided a significant amount of services in both auditing and consulting, which prevented them from approaching the audit of Enron with a proper degree of independence. Also, among many other violations, Enron avoided the proper use of several acceptable reporting requirements.

As a result of the Enron failure and others that occurred during the same time frame, Congress passed the Sarbanes-Oxley Act (SOX) to regulate practice to manage conflicts of analysts, maintain governance, and impose guidelines for criminal conduct as well as sanctions for violations of conduct. It ensures that internal controls are properly documented, tested, and used consistently. The intent of the act was to ensure that corporate financial statements and disclosures are accurate and reliable. It is important to note that SOX only applies to public companies. A publicly traded company is one whose stock is traded (bought and sold) on an organized stock exchange. Smaller companies still struggle with internal control development and compliance due to a variety of reasons, such as cost and lack of resources.

Major Accounting Components of the Sarbanes-Oxley Act

As it pertains to internal controls, the SOX requires the certification and documentation of internal controls. Specifically, the act requires that the auditor do the following:

  • Issue an internal control report following the evaluation of internal controls.
  • Limit nonaudit services, such as consulting, that are provided to a client.
  • Rotate who can lead the audit. The person in charge of the audit can serve for a period of no longer than seven years without a break of two years.

Additionally, the work conducted by the auditor is to be overseen by the Public Company Accounting Oversight Board (PCAOB). The PCAOB is a congressionally established, nonprofit corporation. Its creation was included in the Sarbanes-Oxley Act of 2002 to regulate conflict, control disclosures, and set sanction guidelines for any violation of regulations. The PCAOB was assigned the responsibilities of ensuring independent, accurate, and informative audit reports, monitoring the audits of securities brokers and dealers, and maintaining oversight of the accountants and accounting firms that audit publicly traded companies.

Visit the Public Company Accounting Oversight Board (PCAOB) website to learn more about what it does.

Any employee found to violate SOX standards can be subject to very harsh penalties, including $5 million in fines and up to 20 to 25 years in prison. The penalty is more severe for securities fraud (25 years) than for mail or wire fraud (20 years).

The SOX is relatively long and detailed, with Section 404 having the most application to internal controls. Under Section 404, management of a company must perform annual audits to assess and document the effectiveness of all internal controls that have an impact on the financial reporting of the organization. Also, selected executives of the firm under audit must sign the audit report and state that they attest that the audit fairly represents the financial records and conditions of the company.

The financial reports and internal control system must be audited annually. The cost to comply with this act is very high, and there is debate as to how effective this regulation is. Two primary arguments that have been made against the SOX requirements are that complying with them is expensive, both in terms of cost and workforce, and that the results tend not to be conclusive. Proponents of the SOX requirements do not accept these arguments.

One available potential response to mandatory SOX compliance is for a company to decertify (remove) its stock for trade on the available stock exchanges. Since SOX affects publicly traded companies, decertifying its stock would eliminate the SOX compliance requirement. However, this has not proven to be a viable option, primarily because investors enjoy the protection SOX provides, especially the requirement that the companies in which they invest undergo a certified audit prepared by CPAs employed by national or regional accounting firms. Also, if a company takes its stock off of an organized stock exchange, many investors assume that a company is in trouble financially and that it wants to avoid an audit that might detect its problems.

The Growing Importance of the Report on Internal Controls

Internal controls have become an important aspect of financial reporting. As part of the financial statements, the auditor has to issue a report with an opinion on the financial statements, as well as internal controls. Use the internet and locate the annual report of a company, specifically the report on internal controls. What does this report tell the user of financial information?

The annual report informs the user about the financial results of the company, both in discussion by management as well as the financial statements. Part of the financial statements involves an independent auditor’s report on the integrity of the financial statements as well as the internal controls.

Many companies have their own internal auditors on staff. The role of the internal auditor is to test and ensure that a company has proper internal controls in place, and that they are functioning. Read about how the internal audit works from I.S. Partners to learn more.

  • 4 Jack Money. “Fraudulent Loans Lead to Enid Banker’s Arrest on Numerous Felony Complaints.” The Oklahoman. November 15, 2017. https://newsok.com/article/5572195/fraudulent-loans-lead-to-enid-bankers-arrest-on-numerous-felony-complaints
  • 5 American Institute of Certified Public Accountants (AICPA). “Segregation of Duties.” n.d. https://www.aicpa.org/interestareas/informationtechnology/resources/value-strategy-through-segregation-of-duties.html
  • 6 Douglas O. Linder, ed. “Enron Historical Stock Price.” Famous Trials. n.d. https://www.famous-trials.com/images/ftrials/Enron/documents/enronstockchart.pdf


Want to cite, share, or modify this book? This book uses the Creative Commons Attribution-NonCommercial-ShareAlike License and you must attribute OpenStax.

Access for free at https://openstax.org/books/principles-financial-accounting/pages/1-why-it-matters
  • Authors: Mitchell Franklin, Patty Graybeal, Dixon Cooper
  • Publisher/website: OpenStax
  • Book title: Principles of Accounting, Volume 1: Financial Accounting
  • Publication date: Apr 11, 2019
  • Location: Houston, Texas
  • Book URL: https://openstax.org/books/principles-financial-accounting/pages/1-why-it-matters
  • Section URL: https://openstax.org/books/principles-financial-accounting/pages/8-2-define-and-explain-internal-controls-and-their-purpose-within-an-organization

© Dec 13, 2023 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License. The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.
