Upload
pallavijain
View
3
Download
0
Embed Size (px)
DESCRIPTION
Internal Contraol Project
Citation preview
5
INTERNAL!CONTROL!
CONTENT& Sr.&No.& PARTICULARS& Page&No.&&CHAPTER&I&&INTRODUCTION&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&6&1.1& What!is!Cost!Accounting! 6&1.2& Objectives!of!Cost!Accounting! 7&1.3& Essentials!of!a!good!Costing!system! 8&1.4& Types!of!Costing!Systems! 9&1.5& Classication!of!costs!for!Management!decision!making! 10&
&CHAPTER&II&&PROCESS&OF&INTERNAL&CONTROL&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&12&2.1& Control!Environment! 13&2.2& Risk!Assessment! 14&2.3& Control!Activities! 16&2.4& Information!&!Communication! 22&2.5& Monitoring! 23&
&CHAPTER&III&&PRACTICE&OF&INTERNAL&CONTROL&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&24&3.1& Cash!Reciepts! 24&3.2& Cash!Disbursements! 26&3.3& Bank!Accounts!&!Bank!Reconciliation! 27&3.4& Payroll! 28&3.5& Distinguishing!Employees!from!Independent!Contractors! 31&3.6& Equipment!&!Consumables! 31&3.7& Information!Technology! 32&
&CHAPTER&IV&&CONCLUSION&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&34&4.1& Need!for!an!effective!Internal!Control!System& 34&4.2& Different!Approaches!for!Internal!Control& 34&
&APPENDIX&
& !!!!Bibliography& 36&
6
I.#INTRODUCTION! Accounting is a very old science which aims at keeping records of various transactions. The
accounting is considered to be essential for keeping records of all receipts and payments as well
as that of the income and expenditures. Accounting can be broadly divided into three categories.
1. Financial Accounting, aims at nding out prot or losses of an accounting year as well
as the assets and liabilities position, by recording various transactions in a systematic manner.
2. Cost Accounting helps the business to ascertain the cost of production/services offered
by the organization and also provides valuable information for taking various decisions and also
for cost control and cost reduction.
3. Management Accounting helps the management to conduct the business in a more
efcient manner.
1.1 WHAT&IS&COST&ACCOUNTING& As compared to the nancial accounting, the focus of cost accounting is different. In the modern
days of cut throat competition, any business organization has to pay attention towards their cost
of production. Computation of cost on scientic basis and thereafter cost control and cost
reduction has become of paramount importance. Hence it has become essential to study the basic
principles and concepts of cost accounting. These are discussed in the subsequent paragraphs.
Cost :- Cost can be dened as the expenditure (actual or notional) incurred on or attributable to a
given thing. It can also be described as the resources that have been sacriced or must be
sacriced to attain a particular objective. In other words, cost is the amount of resources used for
something which must be measured in terms of money. For example Cost of preparing one cup
of tea is the amount incurred on the elements like material, labor and other expenses, similarly
7
cost of offering any services like banking is the amount of expenditure for offering that service.
Thus cost of production or cost of service can be calculated by ascertaining the resources used
for
the production or services.
Costing:-Costing may be dened as the technique and process of ascertaining costs. According
to Wheldon, Costing is classifying, recording, allocation and appropriation of expenses for the
determination of cost of products or services and for the presentation of suitably arranged data
for the purpose of control and guidance of management. It includes the ascertainment of every
order, job, contract, process, service units as may be appropriate. It deals with the cost of
production, selling and distribution.
Cost%Accounting% :-!Cost!Accounting!primarily!deals!with!collection,!analysis!of!relevant!of!cost!data!for! interpretation!and!presentation!for!various!problems!of!management.!Cost!accounting!accounts!for!the!cost!of!products,!service!or!an!operation.!It!is!dened!as,! the!establishment!of!budgets,!standard!costs!and!actual!costs!of!operations,!processes,!activities!or!products!and!the!analysis! of! variances,! protability! or! the! social! use! of! funds.! Cost accounting helps in the determination of selling price. Cost accounting enables to determine the cost of production on
a scientic basis and it helps to x the selling price the production processes/services offered.
1.2 &OBJECTIVES&OF&COST&ACCOUNTING&:I&&
Objectives of Cost Accounting can be summarized as under
To! ascertain! the! cost! of! production! on! per! unit! basis,! for! example,! cost! per! kg,! cost! per!meter,cost!per!liter,!cost!per!ton!etc.! Cost accounting helps in cost control and cost reduction.!
8
Ascertainment of division wise, activity wise and unit wise protability becomes possible
through cost accounting.! Cost accounting also helps in locating wastages, inefciencies and other loopholes! Cost accounting helps in presentation of relevant data to the management which helps in
decision making. Decision making is one of the important functions of Management and
it requires presentation of relevant data. Cost accounting enables presentation of relevant
data in a systematic manner so that decision making becomes possible.! Cost accounting also helps in estimation of costs for the future.!
1.3 &ESSENTIALS&OF&A&GOOD&COSTING&SYSTEM&:I&& For availing of maximum benets, a good costing system should possess the following
characteristics.
Costing system adopted in any organization should be suitable to its nature and size of
the business and its information needs.
A costing system should be such that it is economical and the benets derived from the
same should be more than the cost of operating of the same.
Costing system should be simple to operate and understand. Unnecessary complications
should be avoided.
Costing system should ensure proper system of accounting for material, labor and
overheads and there should be proper classication made at the time of recording of the
transaction itself.
Before designing a costing system, need and objectives of the system should be
identied.
The costing system should ensure that the nal aim of ascertaining of cost as accurately
9
possible should be achieved.
1.4 TYPES&OF&COSTING&SYSTEMS&:I&& There are different costing systems used in practice. These are described below.
1.Historical Costing :- In this system, costs are ascertained only after they are incurred and that
is why it is called as historical costing system. For example, costs incurred in the month of April,
2007 may be ascertained and collected in the month of May. Such type of costing system is
extremely useful for conducting post-mortem examination of costs, i.e. analysis of the costs
incurred in the past. Historical costing system may not be useful from cost control point of view
but it certainly indicates a trend in the behavior of costs and is useful for estimation of costs in
future.
2. Absorption Costing :- In this type of costing system, costs are absorbed in the product units
irrespective of their nature. In other words, all xed and variable costs are absorbed in the
products. It is based on the principle that costs should be charged or absorbed to whatever is
being costed, whether it is a cost unit, cost center.
3. Marginal Costing :- In Marginal Costing, only variable costs are charged to the products and
xed costs are written off to the Costing Prot and Loss A/c. The principle followed in this case
is that since xed costs are largely period costs, they should not enter into the production units.
Naturally, the xed costs will not enter into the inventories and they will be valued at marginal
costs only.
4. Uniform Costing :- This is not a distinct method of costing but is the adoption of identical
costing principles and procedures by several units of the same industry or by several
undertakings by mutual agreement. Uniform costing facilitates valid comparisons between
organizations and helps in eliminating inefciencies.
10
1.5 CLASSIFICATION&OF&COSTS&FOR&MANAGEMENT&DECISION&MAKING&:I&& One of the important function of cost accounting is to present information to the Management for
the purpose of decision making. For decision making certain types of costs are relevant.
Classication of costs based on the criteria of decision making can be done in the following
manner
Marginal Cost :- Marginal cost is the change in the aggregate costs due to change in
the volume of output by one unit. For example, suppose a manufacturing company
produces 10,000 units and the aggregate costs are Rs. 25,000, if 10,001 units are produced the
aggregate costs may be Rs. 25,020 which means that the marginal cost is Rs. 20. Marginal cost is
also termed as variable cost and hence per unit marginal cost is always same, i.e. per unit
marginal cost is always xed. Marginal cost can be effectively used for decision making in
various areas.
Differential Costs :- Differential costs are also known as incremental cost. This cost is
the difference in total cost that will arise from the selection of one alternative to the
other. In other words, it is an added cost of a change in the level of activity. This type of
analysis is useful for taking various decisions like change in the level of activity, adding
or dropping a product, change in product mix, make or buy decisions, accepting an
export offer and so on.
Opportunity Costs :- It is the value of benet sacriced in favor of an alternative course
of action. It is the maximum amount that could be obtained at any given point of time if
a resource was sold or put to the most valuable alternative use that would be
11
practicable.Opportunity cost of goods or services is measured in terms of revenue which could
have been earned by employing that goods or services in some other alternative uses.
Replacement Cost :- This cost is the cost at which existing items of material or xed
assets can be replaced. Thus this is the cost of replacing existing assets at present or at a future
date.
Abnormal Costs :- It is an unusual or a typical cost whose occurrence is usually not regular and
is unexpected. This cost arises due to some abnormal situation of production. Abnormal cost
arises due to idle time, may be due to some unexpected heavy breakdown of machinery. They are
not taken into consideration while computing cost of production or for decision making.
Controllable Costs :- In cost accounting, cost control and cost reduction are extremely
important. In fact, in the competitive environment, cost control and reduction are key words.
Hence it is essential to identify the controllable and uncontrollable costs. Controllable costs are
those which can be controlled or inuenced by a conscious
management action. For example, costs like telephone, printing stationery etc can be
controlled while costs like salaries etc cannot be controlled at least in the short run.
Generally, direct costs are controllable while uncontrollable costs are beyond the control
of an individual in a given period of time.
Capacity Cost :- These costs are normally xed costs. The cost incurred by a company for
providing production, administration and selling and distribution capabilities in order
to perform various functions. Capacity costs include the costs of plant, machinery and
building for production, warehouses and vehicles for distribution and key personnel
for administration. These costs are in the nature of long-term costs and are incurred as a result
of planning decisions.
12
II.##INTERNAL#CONTROL#PROCESS!Internal control consists of five interrelated components as follows:
Control (or Operating) environment
Risk assessment
Control activities
Information and communication
Monitoring
All five internal control components must be present to conclude that internal control is
effective.
Monitoring%
Control%Activities%
Risk%Assessment%
Control%Environment%
13
2.1&CONTROL&ENVIRONMENT& The control environment is the control consciousness of an organization; it is the
atmosphere in which people conduct their activities and carry out their control
responsibilities. An effective control environment is an environment where competent people
understand their responsibilities, the limits to their authority, and are knowledgeable, mindful,
and committed to doing what is right and doing it the right way. They are committed to
following an organization's policies and procedures and its ethical and behavioral standards. The
control environment encompasses technical competence and ethical commitment; it is an
intangible factor that is essential to effective internal control.
Who is Responsible?
Management is responsible for "setting the tone" for their organization. Management should
foster a control environment that encourages:
the highest levels of integrity and personal and professional standards
a leadership philosophy and operating style which promote internal control throughout
the organization assignment of authority and responsibility.
Control Environment Tips
Effective human resource policies and procedures enhance an organization's control
environment. These policies and procedures should address hiring, orientation, training,
evaluations, counseling, promotions, compensation, and disciplinary actions. In the event that an
employee does not comply with an organization's policies and procedures or behavioral
standards, an organization must take appropriate disciplinary action to maintain an effective
control environment.
Listed below are some tips to enhance a department's control environment-
14
Make sure that the following policies and procedures are available in your department :
- Administrative Procedures
- Business and Finance Bulletins
- Employee Handbook
- Purchasing Manual
- Personnel Memorandum
Make sure that the department has well-written departmental policies and procedures
manual which addresses its significant activities and unique issues. Employee responsibilities,
limits to authority, performance standards, control procedures, and reporting relationships
should be clear.
Make sure that employees are well acquainted with the Universitys policies and
procedures that pertain to their job responsibilities.
Make sure that job descriptions exist, clearly state responsibility for internal control, and
correctly translate desired competence levels into requisite knowledge, skills, and experience;
make sure that hiring practices result in hiring qualified individuals.
2.2&RISK&ASSESSMENT& 1. Determine Goals and Objectives
The central theme of internal control is
(1) To identify risks to the achievement of an organization's objectives and
(2) To do what is necessary to manage those risks. Thus, setting goals and objectives is a
precondition to internal controls. At the highest levels, goals and objectives should be presented
in a strategic plan that includes a mission statement and broadly defined strategic initiatives. At
15
the department level, goals and objectives should support the organization's strategic plan. Goals
and objectives are classified in the following categories:
Operations objectives: These objectives pertain to the achievement of the basic
mission(s) of a department and the effectiveness and efficiency of its operations, including
performance standards and safeguarding resources against loss.
Financial reporting objectives: These objectives pertain to the preparation of reliable
financial reports, including the prevention of fraudulent public financial reporting.
Compliance objectives: These objectives pertain to adherence to applicable laws and
regulations.
2. Identify Risks and Determining Goals
Risk assessment is the identification and analysis of risks associated with the achievement of
operations, financial reporting, and compliance goals and objectives. This, in turn, forms a basis
for determining how those risks should be managed.
Who is responsible?
To properly manage their operations, managers need to determine the level
of operations, financial and compliance risk they are willing to assume. Risk assessment is one
of management's responsibilities and enables management to act proactively in reducing
unwanted surprises. Failure to consciously manage these risks can result in a lack of confidence
that operation, financial and compliance goals will be achieved.
Higher Risk Transaction Types
Below are some types of transactions that may pose higher risks to departments:
Assets with Alternative Uses
Cash Receipts
16
Consultant Payments and Other Payments for Services
Travel Expenditures
These are transaction types that deserve a conscious risk review.
Qualitative and Quantitative Costs
When evaluating the potential impact of risk, both quantitative and qualitative costs need to be
addressed. Quantitative costs included the cost of property, equipment, or inventory, cash rupee
loss, damage and repair costs, costs of defending a lawsuit, etc.
Qualitative costs can have wide-ranging implications. These costs may include:
Loss of public trust
Loss of future grants, gifts and donations
Injury to the school's reputation
Increased legislation
3. Risks Analysis
After risks have been identified, a risk analysis should be performed to prioritize those risks:
Assess the likelihood (or frequency) of the risk occurring.
Estimate the potential impact if the risk were to occur; consider both quantitative and
qualitative costs.
Determine how the risk should be managed; decide what actions are necessary.
Prioritizing helps departments focus their attention on managing significant risks .
2.3&CONTROL&ACTIVITIES& Control activities are actions, supported by policies and procedures that, when carried out
properly and in a timely manner, manage or reduce risks.
Who is Responsible?
17
In the same way that managers are primarily responsible for identifying the financial and
compliance risks for their operations, they also have line responsibility for designing,
implementing and monitoring their internal control system.
Preventive and Detective Controls
Controls can be either preventive or detective. The intent of these controls is different.
Preventive controls attempt to deter or prevent undesirable events from occurring. They are
proactive controls that help to prevent a loss. Examples of preventive controls are separation of
duties, proper authorization, adequate documentation, and physical control over assets. Control
activities include approvals, authorizations, verifications, reconciliations, reviews of
performance, security of assets, segregation of duties, and controls over information
systems.
Approvals, Authorizations, and Verifications (Preventive)
Management authorizes employees to perform certain activities and to execute certain
transactions within limited parameters. In addition, management specifies those activities or
transactions that need supervisory approval before they are performed or executed by employees.
A supervisors approval (manual or electronic) implies that he or she has verified and validated
that the activity or transaction conforms to established policies and procedures.
Reconciliations (Detective)
An employee relates different sets of data to one another, identifies and investigates differences,
and takes corrective action, when necessary.
Reviews of Performance (Detective)
18
Management compares information about current performance to budgets, forecasts, prior
periods, or other benchmarks to measure the extent to which goals and objectives are being
achieved and to identify unexpected results or unusual conditions that require follow-up.
Security of Assets (Preventive and Detective)
Access to equipment, inventories, securities, cash and other assets is restricted; assets are
periodically counted and compared to amounts shown on control records.
Controls over Information Systems (Preventive and Detective)
Controls over information systems are grouped into two broad categories - general controls and
application controls. General controls commonly include controls over data center operations,
system software acquisition and maintenance, access security, and application system
development and maintenance. Application controls such as computer matching and edit checks
are programmed steps within application software; they are designed to help ensure the
completeness and accuracy of transaction processing, authorization, and validity. General
controls are needed to support the functioning of application controls; both are needed to ensure
complete and accurate information processing.
Control Activities Approvals (Preventive)
Written policies and procedures
Limits to authority
Supporting documentation
An important control activity is authorization/approval. Authorization is the delegation of
authority; it may be general or specific. Giving a department permission to expend funds from an
approved budget is an example of general authorization. Approvers should review supporting
documentation, question unusual items, and make sure that necessary information is present to
19
justify the transaction-before they sign it. Signing blank forms should never be allowed.
Approval authority may be linked to specific rupee levels. Transactions that exceed the specified
rupee level would require approval at a higher level. Under no circumstance should an
approver tell someone that they could sign the approver's name on behalf of the approver.
Similarly, under no circumstance should an approver with electronic approval authority share his
password with another person.
Control Activities Reconciliations (Detective)
Reconciliation is a comparison of different sets of data to one another, identifying and
investigating differences, AND taking corrective action, when necessary.
For example, verifying charges in the general ledger to file copies of approved invoices.
Broadly defined, reconciliation is a comparison of different sets of data to one another,
identifying and investigating differences, and taking corrective action, when necessary, to
resolve differences. Reconciling monthly financial reports from the Accounting Department to
file copies of supporting documentation or departmental accounting records is an example of
reconciling one set of data to another. To ensure proper segregation of duties, the person who
approves transactions or handles cash receipts should not be the person who performs the
reconciliation.
A critical element of the reconciliation process is to resolve differences.
It does no good to note differences and do nothing about it. Differences should be identified,
investigated, and explained--corrective action must be taken. If expenditure is incorrectly
charged to a department's accounts, then the approver should request a correcting journal entry;
the reconciler should ascertain that the correcting journal entry was posted. Reconciliations
should be documented and approved by management.
20
Control Activities Reviews (Detective)
Budget to actual comparison
Current to prior period comparison
Performance indicators
Follow-up on unexpected results or unusual items
Reviewing reports, statements, reconciliations, and other information by management is an
important control activity; management should review such information for consistency and
reasonableness. Reviews of performance provide a basis for detecting problems.
Control Activities Asset Security (Preventive and Detective)
Security of physical and intellectual assets
Physical safeguards
Perpetual records are maintained
Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems,
and confidential information must be safeguarded against unauthorized acquisition, use, or
disposition. Typically, access controls are the best way to safeguard these assets. Departments
with capital assets or significant inventories should establish perpetual inventory control over
these items by recording purchases and issuances. Periodically, the items should be physically
counted by a person who is independent of the purchase, authorization and asset custody
functions, and the counts should be compared to balances per the perpetual records.
Control Activities Segregation of Duties (Preventive and Detective)
No one person should
Initiate the transaction
Approve the transaction
21
Record the transaction
Reconcile balances
Handle assets
Review reports
Segregation of duties is critical to effective internal control; it reduces the risk of both erroneous
and inappropriate actions.
In general, the approval function, the accounting/reconciling function, and the asset
custody function should be separated among employees.
When these functions cannot be separated, due to small department size, a detailed supervisory
review of related activities is required as a compensating control activity. Segregation of duties is
a deterrent to fraud because it requires collusion with another person to perpetrate a fraudulent
act.
Specific examples of segregation of duties are as follows:
The person who requisitions the purchase of goods or services should not be the person
who approves the purchase.
The person who approves the purchase of goods or services should not be the person
who reconciles the monthly financial reports.
The person who opens the mail and prepares a listing of checks received should not be
the person who makes the deposit.
Control Activities Information Systems
Employees use a variety of information systems: mainframe computers, local area and wide area
networks of minicomputers and personal computers, single-user workstations and personal
computers, telephone systems, video conference systems, etc. The need for internal control over
22
these systems depends on the criticality and confidentiality of the information and the
complexity of the applications that reside on the systems.
2.4&INFORMATION&AND&COMMUNICATION&
Information and communication are essential to effecting control; information about an
organization's plans, control environment, risks, control activities, and performance must be
communicated up, down, and across an organization. Reliable and relevant information from
both internal and external sources must be identified, captured, processed, and communicated to
the people who need it--in a form and timeframe that is useful. Information systems produce
reports, containing operational, financial, and compliance-related information that makes it
possible to run and control an organization. Information and communication systems can be
formal or informal. Formal information and communication systems--which range from
sophisticated computer technology to simple staff meetings-should provide input and feedback
data relative to operations, financial reporting, and compliance objectives; such systems are vital
to an organization's success.
When assessing internal control over a significant activity , the key questions to ask about
information and communication are as follows:
Does our department get the information it needs from internal and external sources in a
form and timeframe that is useful?
Does our department get information that measures its performance-information that tells
the department whether it is achieving its operations, financial reporting, and compliance
objectives?
23
Does our department provide information to others that alerts them to internal or external
risks?
Does our department communicate effectively--internally and externally?
Information and communication are simple concepts. Nevertheless, communicating with people
and getting information to people in a form and timeframe that is useful to them is a constant
challenge
2.5&&MONITORING&&:& Monitoring is the assessment of internal control performance over time; it is accomplished by
ongoing monitoring activities and by separate evaluations of internal control such as self-
assessments, peer reviews, and internal audits. The purpose of monitoring is to determine
whether internal control is adequately designed, properly executed, and effective. Internal control
is adequately designed and properly executed if all five internal control components (Control
Environment, Risk Assessment, Control Activities, Information and Communication, and
Monitoring) are present and functioning as designed.
Internal control is effective if management and interested stakeholders have reasonable
assurance that:
They understand the extent to which operations objectives are being achieved.
Published financial statements are being prepared reliably.
Applicable laws and regulations are being compiled.
While internal control is a process, its effectiveness is an assessment of the condition of the
process at one or more points in time.
24
III.#THE#PRACTICE#OF"INTERNAL"CONTROL!The purpose of this section is to provide practical information about internal controls for
organizations financial operations. The control procedures discussed are presented in an easy
reference format which lists individual controls and the reasons why the control is important.
Choosing the right internal controls and ensuring that they are consistently applied will help
ensure that organisations are using their assets efficiently and protecting against loss, waste and
abuse.
This section contains examples of internal controls in the following financial areas:
Cash Receipts
Cash Disbursements
Bank Accounts and Bank Reconciliation Procedures
Payroll
Distinguishing Employees from independent contractors
Equipment and Consumables
Information Technology
3.1&CASH&RECEIPTS& Before employers can select and implement controls suitable for the size and complexity of their
operations, they must first understand how, when, and where cash is collected and the duties
performed by each employee. Although no system is foolproof, a well-designed set of control
procedures can provide reasonable assurance that significant thefts of cash receipts and
significant record-keeping errors will be prevented or detected. Cash, above all other assets, has
25
the greatest potential for theft if a system of internal controls is not in place and functioning
effectively.
Collection Procedures
Assign a separate cash drawer to each employee responsible for collecting cash.
Instruct collectors that personal or payroll checks cannot be cashed from moneys in their
cash drawers.
The office copy of issued receipt forms should be periodically reviewed by supervisory
personnel, and any gaps or missing receipt forms should be investigated. Both copies of
voided receipts should also be retained.
Deposit Procedures
Secure un deposited cash and prepared deposits in a vault or safe (or other locked
storage) until they are deposited in the bank. Restrict access to the vault or safe, or keep
other storage methods locked when not in use.
Prepare and maintain detailed deposit slips. Deposit slips must be detailed enough to
identify the composition of the deposit between cash collected and individual checks
deposited.
The person who performs the bank reconciliation should be the final custodian of all
deposit slips.
Record-Keeping Procedures
Record receipts in the accounting system timely.
For each cash drawer, daily cash collection records or cash register tapes should be
reconciled to the amount of cash on hand at the end of the day
26
Employees responsible for collecting cash and preparing bank deposits should not record
cash transactions in the accounting records.
3.2&CASH&DISBURSEMENTS& Firms make a wide variety of cash disbursements, mostly by check, but to a lesser degree by
wire transfer for bond and note payments; by direct deposit for net payroll amounts when
properly authorized; and, in cash, for petty cash disbursements. Contrary to common
assumptions, fraud actually occurs more frequently in the cash disbursement cycle than in the
cash receipt cycle
Check Preparation Procedures
Assign an employee not responsible for check preparation to order checks, inventory
them, and to identify reasons for gaps in the numbering sequence. Issue pre-numbered
checks in sequence.
The official responsible for check preparation and signing should not have the authority
to solely (or individually) audit and approve claims for payment.
The official responsible for signing checks (or a deputy) should compare prepared
checks to an audited and approved warrant or a payroll register prior to releasing such
checks.
Petty Cash Procedures
A petty cash fund must be established (increased or decreased) only in accordance with
legal requirements, generally, by resolution of the board. The resolution should establish
the custodian and amount for the fund. Petty cash funds should be authorized at the
lowest amount practical.
27
Custody of the petty cash fund should be assigned to only one employee. As petty cash
custodian, this employee should handle all petty cash transactions and should secure the
fund in a locked location separate from other cash drawers.
3.3&BANK&ACCOUNTS&AND&BANK&RECONCILIATION&PROCEDURES.& Safeguarding bank account information has become increasingly important in todays electronic
environment. Access to bank account information creates an opportunity for fraudsters to create
phony checks and fictitious wire transfers from computers anywhere in the world. All bank
account information and bank passwords should be safeguarded both within and outside the
organization. Requests for bank account information originating from outside the firm should be
verified before any information is provided. Only known and authorized personnel should be
given access to bank account information. Ensuring that bank reconciliations are prepared timely
is also an effective internal control for detecting accounting and banking errors and for
identifying fraudulent transactions originating from outside the organization.
Bank Account Procedures
Inform all depositories in writing that only the chief fiscal officer (or other officers
having custody of monies and authorized to have a bank account) or their deputies, are
permitted to open or close bank accounts for general governmental purposes.
Keep your tax ID number in a secure location not available to other officers, employees,
or to the public.
The chief fiscal, other authorized officer or internal auditor should periodically ask each
depository for a listing of all bank accounts in the name of the organization and for all
bank accounts carrying the organizations tax ID.
28
When an official authorized to sign checks or to perform wire transfers leaves the organization,
immediately contact the bank and revoke his or her check signing authority, online banking
capabilities and wire transfer authority, and destroy his or her signature disk.
Bank Reconciliation Procedures
Bank reconciliations should be prepared monthly and any differences between net bank
balances and general ledger cash accounts should be researched and explained. A
supervisor should review the monthly bank reconciliation and authorize any correcting
entries needed.
Bank reconciliations should be performed by an employee or official who does not have
custody or access to cash and who does not record cash receipt, cash disbursement, or
journal entry transactions.
During the bank reconciliation process, check images (or cancelled checks) and bank
statements should be reviewed for anything out of the ordinary, such as suspicious
payees, large dollar amounts, and secondary endorsements. All check images should be
retained in electronic format for audit purposes.
3.4&PAYROLL& Payroll and related employee benefit costs are by far the largest component of nearly every
organisations budget. The establishment of strong internal controls over payroll ensures that
employees are paid the correct salary and wages, and opportunities for payroll errors and fraud
are controlled. Some examples of payroll frauds include ghost employees overstating regular or
overtime hours worked; increasing rates of pay without board approval; and continuing
employees on the payroll after termination. Internal controls also provide assurance that the large
volume of information required for every payroll is processed quickly and accurately.
29
Authorization Procedures
The board, or such other body or officer as authorized by law, should establish and
approve all salary and hourly wages by position or as part of a collective bargaining
agreement. Subject to statutory requirements and collective bargaining agreement
provisions, the board or officer should also establish the frequency of all payroll
distributions .
If not otherwise segregated under the law, segregate payroll authorizations from the
preparation and processing of payroll records and checks. In a computerized payroll
system, payroll changes should be entered into the system by the personnel department
or an employee who does not process the payroll register and checks, if possible.
Limit access to computerized payroll applications and data files containing potentially
confidential information such as social security numbers and deductions.
Payroll Change Procedures
All changes in employment status (e.g., additions and terminations), salary, and wage
rates should be properly authorized, approved, and documented to support employment
status changes. When appropriate, payroll change forms should be used to document and
authorize wage and salary changes authorized by the governing board.
If payroll change forms are used, control access to these forms by keeping them in a
locked cabinet or drawer.
Time and Attendance Records
Require employees to document days and hours worked and leave credits used on either
time sheets or time cards. Time sheets and time cards should be reviewed and approved
by supervisory personnel who have direct contact with the employee.
30
Using time clocks to record arrival and departure times will provide additional control
over days and hours worked by employees. Electronic time clocks can also reduce
manual processing of payroll data if the time clock and payroll application are
compatible.
Verification Procedures
Even if not otherwise required by law, before checks are distributed, payroll registers or
similar records should be certified by the officer or employee having direct supervision
over specific departments or individual employees. The certification should indicate that
to the best of the supervisors knowledge, services were actually performed by the
persons listed on the payroll and that days and hours worked are accurate and justified.
Management or the internal auditor should periodically review payroll change reports.
When unusual changes are identified, those items should be traced to authorization
documents.
Payroll Check Procedures
Payroll checks should not be distributed to employees prior to the actual pay dates.
In organisations with more than 100 employees, as part of the direct deposit program,
periodically require employees to pick up their payroll statement in person.
Reconciliation Procedures
Establish a separate bank account for payroll transactions.
The payroll bank reconciliation should be performed by an employee who is not
connected with the authorization of payroll changes or with payroll preparation.
Statutory Controls
31
A complete payroll should be submitted timely to the appropriate agency or officer for
certification.
3.5&DISTINGUISHING&EMPLOYEES&FROM&INDEPENDENT&CONTRACTORS& Situations sometimes occur where it is not clear whether an individual who performs services for
a organization is an employee or an independent contractor. When these situations occur, it will
be important for the organization to have a process in place to assist in making an objective and
defensible determination. Misclassifying an individual as an independent contractor rather than
an employee can create a liability for interest and penalties on unpaid employment taxes.
Documentation of the factors considered in these situations and the conclusions reached should
be retained for audit purposes.
All new employee positions (including job descriptions) should be formally created and
the approval of the appropriate civil service agency or officer obtained when required.
Individuals should not be added to the payroll roster unless a vacant civil service position
exists or the creation of a new position has been requested by the board or other
appropriate body or official.
3.6&EQUIPMENT&AND&CONSUMABLES& Organisations purchase a wide variety of equipment and consumables to assist in delivering
services to their clients. Equipment includes highly visible items such as plant and machinery,
furniture, and office equipment. It also includes highly portable items such as cameras, laptops,
chain saws, and even lawn equipment. The term consumables generally refers to items such as
gasoline, cafeteria food items, and copier paper. The design of controls put into place to protect
these assets will vary depending on the value and the portability of the asset.
Safeguarding Procedures
32
Mark or label all equipment as property of the organisation. For more sensitive items,
such as those susceptible to theft, tags with individual serial numbers should be affixed
to the equipment and detailed records should be maintained. Label and/ or tag equipment
before it is placed into service.
Assign responsibility for small, high-rupee value equipment such as laptops, projectors,
and specialized hand tools to a specific employee. Safeguard highly portable equipment
in limited access cabinets or storerooms when not in use.
Inventory Records
Equipment inventory records should contain descriptions, quantities, locations, dates of
purchase and original cost; when appropriate; assign responsibility for the asset to a
specific official or manager.
Subject to statutory requirements, the preparation and maintenance of inventory records
for equipment should be assigned to an individual who does not have custody of the
equipment.
Retirement/Disposal of Equipment
Retirement and/or disposal of equipment should be authorized and documented prior to
the actual disposal of the items and their removal from the equipment inventory listing.
Physical Inventory Procedures
The physical inventory should be compared to the prior physical inventory of equipment
and to the detailed property records. All material differences should be identified and
reviewed by management.
33
3.7 INFORMATION&TECHNOLOGY& IT is involved in many aspects of organisations operations, such as record keeping, banking,
payroll, inventory monitoring and control, tax collection, and public safety.
Safeguarding information needed for these types of services and support functions is challenging
when records pertaining to these functions are created and stored on computers. A secure IT
environment manages, processes, and protects computerized information.
Network Security
Install an appropriate firewall.
Utilize virus protection and ensure all computers have an up-to-date version.
IT administration should ensure there are no open ports on the servers.
Software Security
Test software before general dissemination to computers. In addition, back up original
files before installing new software in case data does not transfer properly.
IT administration should backup software by securing the master copies of the software
and its user instructions.
Maintain an inventory of software applications installed on all computers
Data Security
Classify all local government data according to sensitivity, and when possible, segregate
high and low sensitivity data on the network. If a public web server is used for business
purposes also, confidential information should be stored on a separate server.
Encourage computer users to store all sensitive data on the network, not on their hard
drives.
34
!IV.$CONCLUSION!4.1&NEED&FOR&AN&EFFECTIVE&INTERNAL&CONTROL&SYSTEM:& An Internal Control System (ICS) is a mandatory requirement to meet the obligations of
Corporate Governance and the legislation, throughout the world, requiring Directors and Senior
Managers to maintain effective control of the organization and to demonstrate positively their
involvement in the control of the organization. The ICS can have a material impact on the ability
of an organisation to meet its objectives. The paper shows that you can have an ICS that inhibits
an organisation to meet it objectives as well as an ICS that assists. Almost certainly all
organisations will need to be able to react promptly to unexpected events. Organisations that do
not have the proper internal controls tend to deteriorate over time.
Therefore, companies should incorporate effective internal control systems to
accompany other risk management approaches like insurance and risk portfolio. Internal Control
Systems can provide an additional reference tool for organizations to identify and assess
operating controls, financial reporting, and regulatory compliance processes and to formulate
preventive actions where needed.
4.2&DIFFERENT&APPROACHES&FOR&INTERNAL&CONTROL:& The two types of approaches that are commonly used by companies are insurance and risk
portfolio. Companies purchase insurance to transfer certain risk that may affect the property,
employees, and other assets of the business. Insurance provides companies with a sense of relief
from unexpected events such as fraud, natural disasters, injuries, and product replacement.
Although insurance is a great way to mitigate risk, it lacks the proactive ability to protect
organisations from losses.
35
Portfolio Risk Management is an approach that companies use to manage the risk of investments
to determine the rate of return. Good portfolio system will help management to evaluate their
risk-tolerance and optimize business operations. Corporations using portfolio risk management
are able to take a more in depth look at risk to determine how they may fit into risk appetite. The
portfolio approach also provides organizations with a different view on how to reduce risk,
develop new techniques to identify and analyze risk, and find correlations between risks of
similar nature. Currently both approaches provide internal controls that are essential to managing
risk but have limitations in balancing and controlling risk factors. Finding an effective internal
control system provides reasonable assurance for safeguarding assets. The most common and
effective internal controls are internal audits and establishing and following policies and
procedures. However, selecting the appropriate personnel to conduct the audits and enforce the
policies and procedures and then segregating those duties to specialists increases the
effectiveness of those internal controls. Other effective controls include training in ethics and
corporate codes of conduct.
36
BIBLIOGRAPHY!www.investopedia.com/terms/i/internalcontrols.asp f2.washington.edu/fm/fa/internal-controls www.coso.org/documents/Internal%20Control-Integrated%20Framework.pdf www.icai.org/post.html?post_id=460 www.cliffsnotes.com/more-subjects/accounting/accounting-principles-i/principles-of-accounting/internal-control