Internal Control


Internal control is the policy and procedures that the company set in place in order to have an efficient and effective business operation, minimize risk, and ultimately to achieve its objective. Internal control in a company is usually set up with the intentions of minimize the risk of error and fraud and safeguard of the assets.

Internal control can be seen by the day to day activities in the company such as:

  • Use password to lock into the computer
  • Use fingerprint clocking system to take attendance
  • Lock the office door at the end of the day
  • Verify or review the work of others
  • Have your work verified or reviewed by other
  • Any request on purchase or payment on certain expenses requires approval etc.

Objectives of Internal Control

The common objectives of internal control are to ensure efficiency and effectiveness of the operation, reliability of financial reporting, and compliance with laws, regulations and internal policies as described in the table below:

Objectives of Internal Control

Efficiency and Effectiveness of Operation

Efficiency means the internal control can help reduce waste and increase productivity in operation. This can be accomplished by ensuring smooth operation and free from disrupting. On the other hand, effectiveness means the control can help achieve the task that is meant for each operating activity.

For example, by implementing a fingerprint clocking system in the internal control, the company can increase its efficiency of attendance taking process or operation by eliminating time performing on manual headcount and entering data into spreadsheet. It is more effective in attendance taking process as the data is generated from the system which is less error than manually entering data in spreadsheet.

Reliability of Financial Reporting

Reliability can be achieved by ensuring the accuracy and timeliness of financial reporting. Accuracy means the financial reports are prepared and presented in a fair manner with the lack of material misstatements. While timeliness means the financial reports are prepared on time and relevant to the current events.

For example, each business transaction of the company is required to be posted daily into its accounting software by a junior accountant, but each transaction requires authorization from a senior accountant before going into general ledger in the accounting software.

This internal control procedure helps to ensure accuracy as the transaction doesn’t go directly into the general ledger since it requires a senior accountant to verify and review each transaction first. It also helps to ensure timeliness of financial reporting as accounting software can automatically generate financial reports such as balance sheet and income statement and each transaction is required to be posted daily into the accounting system.

Compliance with laws, regulations and internal policies

One such internal control would be the regular monitoring of the internal practices of business to ensure that they do not breach any regulation or policy. The monitoring activities can be done by internal audit staff, risk officer or any staff with such responsibility.

For example, a senior accountant at the head office might have a responsibility to monitor the accounting practices of accountants at the branch level to ensure they follow the applicable standards and internal policies.

Also, clear communications and regular training are usually provided in the company in order to ensure that staff at every level follow the laws, regulations and internal policies.

Control Activities

Control activities are the activities that the company performs in its internal control in order to minimize the risks that prevent the company from achieving its objective. Control activities are performed at all levels within the company.

Control activities in the company can be preventive controls or detective controls.

Control Activities

Preventive Controls

Preventive controls are the controls that attempt to prevent or deter error or fraud from occurring. This type of internal control activities prevent misstatements before they occur.

Documentation, authorization, segregation of duties, and security over the assets are examples of the preventive controls.

Detective Controls

Detective controls are the controls that attempt to detect or identify errors or fraud. They detect misstatements after they occur.

They provide evidence of loss that has already occurred due to error or fraud. Review, reconciliation, physical count of inventories, and performing the audit are examples of detective controls.

In general, preventive controls are preferable to detective controls because the possibility of being caught by a detective control might prevent someone from committing an error or a fraud. Also, preventive controls are usually more cost-efficient in the internal control system.