5

INTERNAL!CONTROL!

CONTENT& Sr.&No.& PARTICULARS& Page&No.&&CHAPTER&I&&INTRODUCTION&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&6&1.1& What!is!Cost!Accounting! 6&1.2& Objectives!of!Cost!Accounting! 7&1.3& Essentials!of!a!good!Costing!system! 8&1.4& Types!of!Costing!Systems! 9&1.5& Classication!of!costs!for!Management!decision!making! 10&

&CHAPTER&II&&PROCESS&OF&INTERNAL&CONTROL&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&12&2.1& Control!Environment! 13&2.2& Risk!Assessment! 14&2.3& Control!Activities! 16&2.4& Information!&!Communication! 22&2.5& Monitoring! 23&

&CHAPTER&III&&PRACTICE&OF&INTERNAL&CONTROL&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&24&3.1& Cash!Reciepts! 24&3.2& Cash!Disbursements! 26&3.3& Bank!Accounts!&!Bank!Reconciliation! 27&3.4& Payroll! 28&3.5& Distinguishing!Employees!from!Independent!Contractors! 31&3.6& Equipment!&!Consumables! 31&3.7& Information!Technology! 32&

&CHAPTER&IV&&CONCLUSION&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&34&4.1& Need!for!an!effective!Internal!Control!System& 34&4.2& Different!Approaches!for!Internal!Control& 34&

&APPENDIX&

& !!!!Bibliography& 36&

6

I.#INTRODUCTION! Accounting is a very old science which aims at keeping records of various transactions. The

accounting is considered to be essential for keeping records of all receipts and payments as well

as that of the income and expenditures. Accounting can be broadly divided into three categories.

1. Financial Accounting, aims at nding out prot or losses of an accounting year as well

as the assets and liabilities position, by recording various transactions in a systematic manner.

2. Cost Accounting helps the business to ascertain the cost of production/services offered

by the organization and also provides valuable information for taking various decisions and also

for cost control and cost reduction.

3. Management Accounting helps the management to conduct the business in a more

efcient manner.

1.1 WHAT&IS&COST&ACCOUNTING& As compared to the nancial accounting, the focus of cost accounting is different. In the modern

days of cut throat competition, any business organization has to pay attention towards their cost

of production. Computation of cost on scientic basis and thereafter cost control and cost

reduction has become of paramount importance. Hence it has become essential to study the basic

principles and concepts of cost accounting. These are discussed in the subsequent paragraphs.

Cost :- Cost can be dened as the expenditure (actual or notional) incurred on or attributable to a

given thing. It can also be described as the resources that have been sacriced or must be

sacriced to attain a particular objective. In other words, cost is the amount of resources used for

something which must be measured in terms of money. For example Cost of preparing one cup

of tea is the amount incurred on the elements like material, labor and other expenses, similarly

7

cost of offering any services like banking is the amount of expenditure for offering that service.

Thus cost of production or cost of service can be calculated by ascertaining the resources used

for

the production or services.

Costing:-Costing may be dened as the technique and process of ascertaining costs. According

to Wheldon, Costing is classifying, recording, allocation and appropriation of expenses for the

determination of cost of products or services and for the presentation of suitably arranged data

for the purpose of control and guidance of management. It includes the ascertainment of every

order, job, contract, process, service units as may be appropriate. It deals with the cost of

production, selling and distribution.

Cost%Accounting% :-!Cost!Accounting!primarily!deals!with!collection,!analysis!of!relevant!of!cost!data!for! interpretation!and!presentation!for!various!problems!of!management.!Cost!accounting!accounts!for!the!cost!of!products,!service!or!an!operation.!It!is!dened!as,! the!establishment!of!budgets,!standard!costs!and!actual!costs!of!operations,!processes,!activities!or!products!and!the!analysis! of! variances,! protability! or! the! social! use! of! funds.! Cost accounting helps in the determination of selling price. Cost accounting enables to determine the cost of production on

a scientic basis and it helps to x the selling price the production processes/services offered.

1.2 &OBJECTIVES&OF&COST&ACCOUNTING&:I&&

Objectives of Cost Accounting can be summarized as under

To! ascertain! the! cost! of! production! on! per! unit! basis,! for! example,! cost! per! kg,! cost! per!meter,cost!per!liter,!cost!per!ton!etc.! Cost accounting helps in cost control and cost reduction.!

8

Ascertainment of division wise, activity wise and unit wise protability becomes possible

through cost accounting.! Cost accounting also helps in locating wastages, inefciencies and other loopholes! Cost accounting helps in presentation of relevant data to the management which helps in

decision making. Decision making is one of the important functions of Management and

it requires presentation of relevant data. Cost accounting enables presentation of relevant

data in a systematic manner so that decision making becomes possible.! Cost accounting also helps in estimation of costs for the future.!

1.3 &ESSENTIALS&OF&A&GOOD&COSTING&SYSTEM&:I&& For availing of maximum benets, a good costing system should possess the following

characteristics.

Costing system adopted in any organization should be suitable to its nature and size of

the business and its information needs.

A costing system should be such that it is economical and the benets derived from the

same should be more than the cost of operating of the same.

Costing system should be simple to operate and understand. Unnecessary complications

should be avoided.

Costing system should ensure proper system of accounting for material, labor and

overheads and there should be proper classication made at the time of recording of the

transaction itself.

Before designing a costing system, need and objectives of the system should be

identied.

The costing system should ensure that the nal aim of ascertaining of cost as accurately

9

possible should be achieved.

1.4 TYPES&OF&COSTING&SYSTEMS&:I&& There are different costing systems used in practice. These are described below.

1.Historical Costing :- In this system, costs are ascertained only after they are incurred and that

is why it is called as historical costing system. For example, costs incurred in the month of April,

2007 may be ascertained and collected in the month of May. Such type of costing system is

extremely useful for conducting post-mortem examination of costs, i.e. analysis of the costs

incurred in the past. Historical costing system may not be useful from cost control point of view

but it certainly indicates a trend in the behavior of costs and is useful for estimation of costs in

future.

2. Absorption Costing :- In this type of costing system, costs are absorbed in the product units

irrespective of their nature. In other words, all xed and variable costs are absorbed in the

products. It is based on the principle that costs should be charged or absorbed to whatever is

being costed, whether it is a cost unit, cost center.

3. Marginal Costing :- In Marginal Costing, only variable costs are charged to the products and

xed costs are written off to the Costing Prot and Loss A/c. The principle followed in this case

is that since xed costs are largely period costs, they should not enter into the production units.

Naturally, the xed costs will not enter into the inventories and they will be valued at marginal

costs only.

4. Uniform Costing :- This is not a distinct method of costing but is the adoption of identical

costing principles and procedures by several units of the same industry or by several

undertakings by mutual agreement. Uniform costing facilitates valid comparisons between

organizations and helps in eliminating inefciencies.

10

1.5 CLASSIFICATION&OF&COSTS&FOR&MANAGEMENT&DECISION&MAKING&:I&& One of the important function of cost accounting is to present information to the Management for

the purpose of decision making. For decision making certain types of costs are relevant.

Classication of costs based on the criteria of decision making can be done in the following

manner

Marginal Cost :- Marginal cost is the change in the aggregate costs due to change in

the volume of output by one unit. For example, suppose a manufacturing company

produces 10,000 units and the aggregate costs are Rs. 25,000, if 10,001 units are produced the

aggregate costs may be Rs. 25,020 which means that the marginal cost is Rs. 20. Marginal cost is

also termed as variable cost and hence per unit marginal cost is always same, i.e. per unit

marginal cost is always xed. Marginal cost can be effectively used for decision making in

various areas.

Differential Costs :- Differential costs are also known as incremental cost. This cost is

the difference in total cost that will arise from the selection of one alternative to the

other. In other words, it is an added cost of a change in the level of activity. This type of

analysis is useful for taking various decisions like change in the level of activity, adding

or dropping a product, change in product mix, make or buy decisions, accepting an

export offer and so on.

Opportunity Costs :- It is the value of benet sacriced in favor of an alternative course

of action. It is the maximum amount that could be obtained at any given point of time if

a resource was sold or put to the most valuable alternative use that would be

11

practicable.Opportunity cost of goods or services is measured in terms of revenue which could

have been earned by employing that goods or services in some other alternative uses.

Replacement Cost :- This cost is the cost at which existing items of material or xed

assets can be replaced. Thus this is the cost of replacing existing assets at present or at a future

date.

Abnormal Costs :- It is an unusual or a typical cost whose occurrence is usually not regular and

is unexpected. This cost arises due to some abnormal situation of production. Abnormal cost

arises due to idle time, may be due to some unexpected heavy breakdown of machinery. They are

not taken into consideration while computing cost of production or for decision making.

Controllable Costs :- In cost accounting, cost control and cost reduction are extremely

important. In fact, in the competitive environment, cost control and reduction are key words.

Hence it is essential to identify the controllable and uncontrollable costs. Controllable costs are

those which can be controlled or inuenced by a conscious

management action. For example, costs like telephone, printing stationery etc can be

controlled while costs like salaries etc cannot be controlled at least in the short run.

Generally, direct costs are controllable while uncontrollable costs are beyond the control

of an individual in a given period of time.

Capacity Cost :- These costs are normally xed costs. The cost incurred by a company for

providing production, administration and selling and distribution capabilities in order

to perform various functions. Capacity costs include the costs of plant, machinery and

building for production, warehouses and vehicles for distribution and key personnel

for administration. These costs are in the nature of long-term costs and are incurred as a result

of planning decisions.

12

II.##INTERNAL#CONTROL#PROCESS!Internal control consists of five interrelated components as follows:

Control (or Operating) environment

Risk assessment

Control activities

Information and communication

Monitoring

All five internal control components must be present to conclude that internal control is

effective.

Monitoring%

Control%Activities%

Risk%Assessment%

Control%Environment%

13

2.1&CONTROL&ENVIRONMENT& The control environment is the control consciousness of an organization; it is the

atmosphere in which people conduct their activities and carry out their control

responsibilities. An effective control environment is an environment where competent people

understand their responsibilities, the limits to their authority, and are knowledgeable, mindful,

and committed to doing what is right and doing it the right way. They are committed to

following an organization's policies and procedures and its ethical and behavioral standards. The

control environment encompasses technical competence and ethical commitment; it is an

intangible factor that is essential to effective internal control.

Who is Responsible?

Management is responsible for "setting the tone" for their organization. Management should

foster a control environment that encourages:

the highest levels of integrity and personal and professional standards

a leadership philosophy and operating style which promote internal control throughout

the organization assignment of authority and responsibility.

Control Environment Tips

Effective human resource policies and procedures enhance an organization's control

environment. These policies and procedures should address hiring, orientation, training,

evaluations, counseling, promotions, compensation, and disciplinary actions. In the event that an

employee does not comply with an organization's policies and procedures or behavioral

standards, an organization must take appropriate disciplinary action to maintain an effective

control environment.

Listed below are some tips to enhance a department's control environment-

14

Make sure that the following policies and procedures are available in your department :

- Administrative Procedures

- Business and Finance Bulletins

- Employee Handbook

- Purchasing Manual

- Personnel Memorandum

Make sure that the department has well-written departmental policies and procedures

manual which addresses its significant activities and unique issues. Employee responsibilities,

limits to authority, performance standards, control procedures, and reporting relationships

should be clear.

Make sure that employees are well acquainted with the Universitys policies and

procedures that pertain to their job responsibilities.

Make sure that job descriptions exist, clearly state responsibility for internal control, and

correctly translate desired competence levels into requisite knowledge, skills, and experience;

make sure that hiring practices result in hiring qualified individuals.

2.2&RISK&ASSESSMENT& 1. Determine Goals and Objectives

The central theme of internal control is

(1) To identify risks to the achievement of an organization's objectives and

(2) To do what is necessary to manage those risks. Thus, setting goals and objectives is a

precondition to internal controls. At the highest levels, goals and objectives should be presented

in a strategic plan that includes a mission statement and broadly defined strategic initiatives. At

15

the department level, goals and objectives should support the organization's strategic plan. Goals

and objectives are classified in the following categories:

Operations objectives: These objectives pertain to the achievement of the basic

mission(s) of a department and the effectiveness and efficiency of its operations, including

performance standards and safeguarding resources against loss.

Financial reporting objectives: These objectives pertain to the preparation of reliable

financial reports, including the prevention of fraudulent public financial reporting.

Compliance objectives: These objectives pertain to adherence to applicable laws and

regulations.

2. Identify Risks and Determining Goals

Risk assessment is the identification and analysis of risks associated with the achievement of

operations, financial reporting, and compliance goals and objectives. This, in turn, forms a basis

for determining how those risks should be managed.

Who is responsible?

To properly manage their operations, managers need to determine the level

of operations, financial and compliance risk they are willing to assume. Risk assessment is one

of management's responsibilities and enables management to act proactively in reducing

unwanted surprises. Failure to consciously manage these risks can result in a lack of confidence

that operation, financial and compliance goals will be achieved.

Higher Risk Transaction Types

Below are some types of transactions that may pose higher risks to departments:

Assets with Alternative Uses

Cash Receipts

16

Consultant Payments and Other Payments for Services

Travel Expenditures

These are transaction types that deserve a conscious risk review.

Qualitative and Quantitative Costs

When evaluating the potential impact of risk, both quantitative and qualitative costs need to be

addressed. Quantitative costs included the cost of property, equipment, or inventory, cash rupee

loss, damage and repair costs, costs of defending a lawsuit, etc.

Qualitative costs can have wide-ranging implications. These costs may include:

Loss of public trust

Loss of future grants, gifts and donations

Injury to the school's reputation

Increased legislation

3. Risks Analysis

After risks have been identified, a risk analysis should be performed to prioritize those risks:

Assess the likelihood (or frequency) of the risk occurring.

Estimate the potential impact if the risk were to occur; consider both quantitative and

qualitative costs.

Determine how the risk should be managed; decide what actions are necessary.

Prioritizing helps departments focus their attention on managing significant risks .

2.3&CONTROL&ACTIVITIES& Control activities are actions, supported by policies and procedures that, when carried out

properly and in a timely manner, manage or reduce risks.

Who is Responsible?

17

In the same way that managers are primarily responsible for identifying the financial and

compliance risks for their operations, they also have line responsibility for designing,

implementing and monitoring their internal control system.

Preventive and Detective Controls

Controls can be either preventive or detective. The intent of these controls is different.

Preventive controls attempt to deter or prevent undesirable events from occurring. They are

proactive controls that help to prevent a loss. Examples of preventive controls are separation of

duties, proper authorization, adequate documentation, and physical control over assets. Control

activities include approvals, authorizations, verifications, reconciliations, reviews of

performance, security of assets, segregation of duties, and controls over information

systems.

Approvals, Authorizations, and Verifications (Preventive)

Management authorizes employees to perform certain activities and to execute certain

transactions within limited parameters. In addition, management specifies those activities or

transactions that need supervisory approval before they are performed or executed by employees.

A supervisors approval (manual or electronic) implies that he or she has verified and validated

that the activity or transaction conforms to established policies and procedures.

Reconciliations (Detective)

An employee relates different sets of data to one another, identifies and investigates differences,

and takes corrective action, when necessary.

Reviews of Performance (Detective)

18

Management compares information about current performance to budgets, forecasts, prior

periods, or other benchmarks to measure the extent to which goals and objectives are being

achieved and to identify unexpected results or unusual conditions that require follow-up.

Security of Assets (Preventive and Detective)

Access to equipment, inventories, securities, cash and other assets is restricted; assets are

periodically counted and compared to amounts shown on control records.

Controls over Information Systems (Preventive and Detective)

Controls over information systems are grouped into two broad categories - general controls and

application controls. General controls commonly include controls over data center operations,

system software acquisition and maintenance, access security, and application system

development and maintenance. Application controls such as computer matching and edit checks

are programmed steps within application software; they are designed to help ensure the

completeness and accuracy of transaction processing, authorization, and validity. General

controls are needed to support the functioning of application controls; both are needed to ensure

complete and accurate information processing.

Control Activities Approvals (Preventive)

Written policies and procedures

Limits to authority

Supporting documentation

An important control activity is authorization/approval. Authorization is the delegation of

authority; it may be general or specific. Giving a department permission to expend funds from an

approved budget is an example of general authorization. Approvers should review supporting

documentation, question unusual items, and make sure that necessary information is present to

19

justify the transaction-before they sign it. Signing blank forms should never be allowed.

Approval authority may be linked to specific rupee levels. Transactions that exceed the specified

rupee level would require approval at a higher level. Under no circumstance should an

approver tell someone that they could sign the approver's name on behalf of the approver.

Similarly, under no circumstance should an approver with electronic approval authority share his

password with another person.

Control Activities Reconciliations (Detective)

Reconciliation is a comparison of different sets of data to one another, identifying and

investigating differences, AND taking corrective action, when necessary.

For example, verifying charges in the general ledger to file copies of approved invoices.

Broadly defined, reconciliation is a comparison of different sets of data to one another,

identifying and investigating differences, and taking corrective action, when necessary, to

resolve differences. Reconciling monthly financial reports from the Accounting Department to

file copies of supporting documentation or departmental accounting records is an example of

reconciling one set of data to another. To ensure proper segregation of duties, the person who

approves transactions or handles cash receipts should not be the person who performs the

reconciliation.

A critical element of the reconciliation process is to resolve differences.

It does no good to note differences and do nothing about it. Differences should be identified,

investigated, and explained--corrective action must be taken. If expenditure is incorrectly

charged to a department's accounts, then the approver should request a correcting journal entry;

the reconciler should ascertain that the correcting journal entry was posted. Reconciliations

should be documented and approved by management.

20

Control Activities Reviews (Detective)

Budget to actual comparison

Current to prior period comparison

Performance indicators

Follow-up on unexpected results or unusual items

Reviewing reports, statements, reconciliations, and other information by management is an

important control activity; management should review such information for consistency and

reasonableness. Reviews of performance provide a basis for detecting problems.

Control Activities Asset Security (Preventive and Detective)

Security of physical and intellectual assets

Physical safeguards

Perpetual records are maintained

Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems,

and confidential information must be safeguarded against unauthorized acquisition, use, or

disposition. Typically, access controls are the best way to safeguard these assets. Departments

with capital assets or significant inventories should establish perpetual inventory control over

these items by recording purchases and issuances. Periodically, the items should be physically

counted by a person who is independent of the purchase, authorization and asset custody

functions, and the counts should be compared to balances per the perpetual records.

Control Activities Segregation of Duties (Preventive and Detective)

No one person should

Initiate the transaction

Approve the transaction

21

Record the transaction

Reconcile balances

Handle assets

Review reports

Segregation of duties is critical to effective internal control; it reduces the risk of both erroneous

and inappropriate actions.

In general, the approval function, the accounting/reconciling function, and the asset

custody function should be separated among employees.

When these functions cannot be separated, due to small department size, a detailed supervisory

review of related activities is required as a compensating control activity. Segregation of duties is

a deterrent to fraud because it requires collusion with another person to perpetrate a fraudulent

act.

Specific examples of segregation of duties are as follows:

The person who requisitions the purchase of goods or services should not be the person

who approves the purchase.

The person who approves the purchase of goods or services should not be the person

who reconciles the monthly financial reports.

The person who opens the mail and prepares a listing of checks received should not be

the person who makes the deposit.

Control Activities Information Systems

Employees use a variety of information systems: mainframe computers, local area and wide area

networks of minicomputers and personal computers, single-user workstations and personal

computers, telephone systems, video conference systems, etc. The need for internal control over

22

these systems depends on the criticality and confidentiality of the information and the

complexity of the applications that reside on the systems.

2.4&INFORMATION&AND&COMMUNICATION&

Information and communication are essential to effecting control; information about an

organization's plans, control environment, risks, control activities, and performance must be

communicated up, down, and across an organization. Reliable and relevant information from

both internal and external sources must be identified, captured, processed, and communicated to

the people who need it--in a form and timeframe that is useful. Information systems produce

reports, containing operational, financial, and compliance-related information that makes it

possible to run and control an organization. Information and communication systems can be

formal or informal. Formal information and communication systems--which range from

sophisticated computer technology to simple staff meetings-should provide input and feedback

data relative to operations, financial reporting, and compliance objectives; such systems are vital

to an organization's success.

When assessing internal control over a significant activity , the key questions to ask about

information and communication are as follows:

Does our department get the information it needs from internal and external sources in a

form and timeframe that is useful?

Does our department get information that measures its performance-information that tells

the department whether it is achieving its operations, financial reporting, and compliance

objectives?

23

Does our department provide information to others that alerts them to internal or external

risks?

Does our department communicate effectively--internally and externally?

Information and communication are simple concepts. Nevertheless, communicating with people

and getting information to people in a form and timeframe that is useful to them is a constant

challenge

2.5&&MONITORING&&:& Monitoring is the assessment of internal control performance over time; it is accomplished by

ongoing monitoring activities and by separate evaluations of internal control such as self-

assessments, peer reviews, and internal audits. The purpose of monitoring is to determine

whether internal control is adequately designed, properly executed, and effective. Internal control

is adequately designed and properly executed if all five internal control components (Control

Environment, Risk Assessment, Control Activities, Information and Communication, and

Monitoring) are present and functioning as designed.

Internal control is effective if management and interested stakeholders have reasonable

assurance that:

They understand the extent to which operations objectives are being achieved.

Published financial statements are being prepared reliably.

Applicable laws and regulations are being compiled.

While internal control is a process, its effectiveness is an assessment of the condition of the

process at one or more points in time.

24

III.#THE#PRACTICE#OF"INTERNAL"CONTROL!The purpose of this section is to provide practical information about internal controls for

organizations financial operations. The control procedures discussed are presented in an easy

reference format which lists individual controls and the reasons why the control is important.

Choosing the right internal controls and ensuring that they are consistently applied will help

ensure that organisations are using their assets efficiently and protecting against loss, waste and

abuse.

This section contains examples of internal controls in the following financial areas:

Cash Receipts

Cash Disbursements

Bank Accounts and Bank Reconciliation Procedures

Payroll

Distinguishing Employees from independent contractors

Equipment and Consumables

Information Technology

3.1&CASH&RECEIPTS& Before employers can select and implement controls suitable for the size and complexity of their

operations, they must first understand how, when, and where cash is collected and the duties

performed by each employee. Although no system is foolproof, a well-designed set of control

procedures can provide reasonable assurance that significant thefts of cash receipts and

significant record-keeping errors will be prevented or detected. Cash, above all other assets, has

25

the greatest potential for theft if a system of internal controls is not in place and functioning

effectively.

Collection Procedures

Assign a separate cash drawer to each employee responsible for collecting cash.

Instruct collectors that personal or payroll checks cannot be cashed from moneys in their

cash drawers.

The office copy of issued receipt forms should be periodically reviewed by supervisory

personnel, and any gaps or missing receipt forms should be investigated. Both copies of

voided receipts should also be retained.

Deposit Procedures

Secure un deposited cash and prepared deposits in a vault or safe (or other locked

storage) until they are deposited in the bank. Restrict access to the vault or safe, or keep

other storage methods locked when not in use.

Prepare and maintain detailed deposit slips. Deposit slips must be detailed enough to

identify the composition of the deposit between cash collected and individual checks

deposited.

The person who performs the bank reconciliation should be the final custodian of all

deposit slips.

Record-Keeping Procedures

Record receipts in the accounting system timely.

For each cash drawer, daily cash collection records or cash register tapes should be

reconciled to the amount of cash on hand at the end of the day

26

Employees responsible for collecting cash and preparing bank deposits should not record

cash transactions in the accounting records.

3.2&CASH&DISBURSEMENTS& Firms make a wide variety of cash disbursements, mostly by check, but to a lesser degree by

wire transfer for bond and note payments; by direct deposit for net payroll amounts when

properly authorized; and, in cash, for petty cash disbursements. Contrary to common

assumptions, fraud actually occurs more frequently in the cash disbursement cycle than in the

cash receipt cycle

Check Preparation Procedures

Assign an employee not responsible for check preparation to order checks, inventory

them, and to identify reasons for gaps in the numbering sequence. Issue pre-numbered

checks in sequence.

The official responsible for check preparation and signing should not have the authority

to solely (or individually) audit and approve claims for payment.

The official responsible for signing checks (or a deputy) should compare prepared

checks to an audited and approved warrant or a payroll register prior to releasing such

checks.

Petty Cash Procedures

A petty cash fund must be established (increased or decreased) only in accordance with

legal requirements, generally, by resolution of the board. The resolution should establish

the custodian and amount for the fund. Petty cash funds should be authorized at the

lowest amount practical.

27

Custody of the petty cash fund should be assigned to only one employee. As petty cash

custodian, this employee should handle all petty cash transactions and should secure the

fund in a locked location separate from other cash drawers.

3.3&BANK&ACCOUNTS&AND&BANK&RECONCILIATION&PROCEDURES.& Safeguarding bank account information has become increasingly important in todays electronic

environment. Access to bank account information creates an opportunity for fraudsters to create

phony checks and fictitious wire transfers from computers anywhere in the world. All bank

account information and bank passwords should be safeguarded both within and outside the

organization. Requests for bank account information originating from outside the firm should be

verified before any information is provided. Only known and authorized personnel should be

given access to bank account information. Ensuring that bank reconciliations are prepared timely

is also an effective internal control for detecting accounting and banking errors and for

identifying fraudulent transactions originating from outside the organization.

Bank Account Procedures

Inform all depositories in writing that only the chief fiscal officer (or other officers

having custody of monies and authorized to have a bank account) or their deputies, are

permitted to open or close bank accounts for general governmental purposes.

Keep your tax ID number in a secure location not available to other officers, employees,

or to the public.

The chief fiscal, other authorized officer or internal auditor should periodically ask each

depository for a listing of all bank accounts in the name of the organization and for all

bank accounts carrying the organizations tax ID.

28

When an official authorized to sign checks or to perform wire transfers leaves the organization,

immediately contact the bank and revoke his or her check signing authority, online banking

capabilities and wire transfer authority, and destroy his or her signature disk.

Bank Reconciliation Procedures

Bank reconciliations should be prepared monthly and any differences between net bank

balances and general ledger cash accounts should be researched and explained. A

supervisor should review the monthly bank reconciliation and authorize any correcting

entries needed.

Bank reconciliations should be performed by an employee or official who does not have

custody or access to cash and who does not record cash receipt, cash disbursement, or

journal entry transactions.

During the bank reconciliation process, check images (or cancelled checks) and bank

statements should be reviewed for anything out of the ordinary, such as suspicious

payees, large dollar amounts, and secondary endorsements. All check images should be

retained in electronic format for audit purposes.

3.4&PAYROLL& Payroll and related employee benefit costs are by far the largest component of nearly every

organisations budget. The establishment of strong internal controls over payroll ensures that

employees are paid the correct salary and wages, and opportunities for payroll errors and fraud

are controlled. Some examples of payroll frauds include ghost employees overstating regular or

overtime hours worked; increasing rates of pay without board approval; and continuing

employees on the payroll after termination. Internal controls also provide assurance that the large

volume of information required for every payroll is processed quickly and accurately.

29

Authorization Procedures

The board, or such other body or officer as authorized by law, should establish and

approve all salary and hourly wages by position or as part of a collective bargaining

agreement. Subject to statutory requirements and collective bargaining agreement

provisions, the board or officer should also establish the frequency of all payroll

distributions .

If not otherwise segregated under the law, segregate payroll authorizations from the

preparation and processing of payroll records and checks. In a computerized payroll

system, payroll changes should be entered into the system by the personnel department

or an employee who does not process the payroll register and checks, if possible.

Limit access to computerized payroll applications and data files containing potentially

confidential information such as social security numbers and deductions.

Payroll Change Procedures

All changes in employment status (e.g., additions and terminations), salary, and wage

rates should be properly authorized, approved, and documented to support employment

status changes. When appropriate, payroll change forms should be used to document and

authorize wage and salary changes authorized by the governing board.

If payroll change forms are used, control access to these forms by keeping them in a

locked cabinet or drawer.

Time and Attendance Records

Require employees to document days and hours worked and leave credits used on either

time sheets or time cards. Time sheets and time cards should be reviewed and approved

by supervisory personnel who have direct contact with the employee.

30

Using time clocks to record arrival and departure times will provide additional control

over days and hours worked by employees. Electronic time clocks can also reduce

manual processing of payroll data if the time clock and payroll application are

compatible.

Verification Procedures

Even if not otherwise required by law, before checks are distributed, payroll registers or

similar records should be certified by the officer or employee having direct supervision

over specific departments or individual employees. The certification should indicate that

to the best of the supervisors knowledge, services were actually performed by the

persons listed on the payroll and that days and hours worked are accurate and justified.

Management or the internal auditor should periodically review payroll change reports.

When unusual changes are identified, those items should be traced to authorization

documents.

Payroll Check Procedures

Payroll checks should not be distributed to employees prior to the actual pay dates.

In organisations with more than 100 employees, as part of the direct deposit program,

periodically require employees to pick up their payroll statement in person.

Reconciliation Procedures

Establish a separate bank account for payroll transactions.

The payroll bank reconciliation should be performed by an employee who is not

connected with the authorization of payroll changes or with payroll preparation.

Statutory Controls

31

A complete payroll should be submitted timely to the appropriate agency or officer for

certification.

3.5&DISTINGUISHING&EMPLOYEES&FROM&INDEPENDENT&CONTRACTORS& Situations sometimes occur where it is not clear whether an individual who performs services for

a organization is an employee or an independent contractor. When these situations occur, it will

be important for the organization to have a process in place to assist in making an objective and

defensible determination. Misclassifying an individual as an independent contractor rather than

an employee can create a liability for interest and penalties on unpaid employment taxes.

Documentation of the factors considered in these situations and the conclusions reached should

be retained for audit purposes.

All new employee positions (including job descriptions) should be formally created and

the approval of the appropriate civil service agency or officer obtained when required.

Individuals should not be added to the payroll roster unless a vacant civil service position

exists or the creation of a new position has been requested by the board or other

appropriate body or official.

3.6&EQUIPMENT&AND&CONSUMABLES& Organisations purchase a wide variety of equipment and consumables to assist in delivering

services to their clients. Equipment includes highly visible items such as plant and machinery,

furniture, and office equipment. It also includes highly portable items such as cameras, laptops,

chain saws, and even lawn equipment. The term consumables generally refers to items such as

gasoline, cafeteria food items, and copier paper. The design of controls put into place to protect

these assets will vary depending on the value and the portability of the asset.

Safeguarding Procedures

32

Mark or label all equipment as property of the organisation. For more sensitive items,

such as those susceptible to theft, tags with individual serial numbers should be affixed

to the equipment and detailed records should be maintained. Label and/ or tag equipment

before it is placed into service.

Assign responsibility for small, high-rupee value equipment such as laptops, projectors,

and specialized hand tools to a specific employee. Safeguard highly portable equipment

in limited access cabinets or storerooms when not in use.

Inventory Records

Equipment inventory records should contain descriptions, quantities, locations, dates of

purchase and original cost; when appropriate; assign responsibility for the asset to a

specific official or manager.

Subject to statutory requirements, the preparation and maintenance of inventory records

for equipment should be assigned to an individual who does not have custody of the

equipment.

Retirement/Disposal of Equipment

Retirement and/or disposal of equipment should be authorized and documented prior to

the actual disposal of the items and their removal from the equipment inventory listing.

Physical Inventory Procedures

The physical inventory should be compared to the prior physical inventory of equipment

and to the detailed property records. All material differences should be identified and

reviewed by management.

33

3.7 INFORMATION&TECHNOLOGY& IT is involved in many aspects of organisations operations, such as record keeping, banking,

payroll, inventory monitoring and control, tax collection, and public safety.

Safeguarding information needed for these types of services and support functions is challenging

when records pertaining to these functions are created and stored on computers. A secure IT

environment manages, processes, and protects computerized information.

Network Security

Install an appropriate firewall.

Utilize virus protection and ensure all computers have an up-to-date version.

IT administration should ensure there are no open ports on the servers.

Software Security

Test software before general dissemination to computers. In addition, back up original

files before installing new software in case data does not transfer properly.

IT administration should backup software by securing the master copies of the software

and its user instructions.

Maintain an inventory of software applications installed on all computers

Data Security

Classify all local government data according to sensitivity, and when possible, segregate

high and low sensitivity data on the network. If a public web server is used for business

purposes also, confidential information should be stored on a separate server.

Encourage computer users to store all sensitive data on the network, not on their hard

drives.

34

!IV.$CONCLUSION!4.1&NEED&FOR&AN&EFFECTIVE&INTERNAL&CONTROL&SYSTEM:& An Internal Control System (ICS) is a mandatory requirement to meet the obligations of

Corporate Governance and the legislation, throughout the world, requiring Directors and Senior

Managers to maintain effective control of the organization and to demonstrate positively their

involvement in the control of the organization. The ICS can have a material impact on the ability

of an organisation to meet its objectives. The paper shows that you can have an ICS that inhibits

an organisation to meet it objectives as well as an ICS that assists. Almost certainly all

organisations will need to be able to react promptly to unexpected events. Organisations that do

not have the proper internal controls tend to deteriorate over time.

Therefore, companies should incorporate effective internal control systems to

accompany other risk management approaches like insurance and risk portfolio. Internal Control

Systems can provide an additional reference tool for organizations to identify and assess

operating controls, financial reporting, and regulatory compliance processes and to formulate

preventive actions where needed.

4.2&DIFFERENT&APPROACHES&FOR&INTERNAL&CONTROL:& The two types of approaches that are commonly used by companies are insurance and risk

portfolio. Companies purchase insurance to transfer certain risk that may affect the property,

employees, and other assets of the business. Insurance provides companies with a sense of relief

from unexpected events such as fraud, natural disasters, injuries, and product replacement.

Although insurance is a great way to mitigate risk, it lacks the proactive ability to protect

organisations from losses.

35

Portfolio Risk Management is an approach that companies use to manage the risk of investments

to determine the rate of return. Good portfolio system will help management to evaluate their

risk-tolerance and optimize business operations. Corporations using portfolio risk management

are able to take a more in depth look at risk to determine how they may fit into risk appetite. The

portfolio approach also provides organizations with a different view on how to reduce risk,

develop new techniques to identify and analyze risk, and find correlations between risks of

similar nature. Currently both approaches provide internal controls that are essential to managing

risk but have limitations in balancing and controlling risk factors. Finding an effective internal

control system provides reasonable assurance for safeguarding assets. The most common and

effective internal controls are internal audits and establishing and following policies and

procedures. However, selecting the appropriate personnel to conduct the audits and enforce the

policies and procedures and then segregating those duties to specialists increases the

effectiveness of those internal controls. Other effective controls include training in ethics and

corporate codes of conduct.

36

BIBLIOGRAPHY!www.investopedia.com/terms/i/internalcontrols.asp f2.washington.edu/fm/fa/internal-controls www.coso.org/documents/Internal%20Control-Integrated%20Framework.pdf www.icai.org/post.html?post_id=460 www.cliffsnotes.com/more-subjects/accounting/accounting-principles-i/principles-of-accounting/internal-control