CAPE Accounting Unit 1: Financial Accounting (FA)

Internal Controls
Refer to Weygandt Text Chapter 7, CXC Study Guide Chapter 4

**This topic will be the basis of your IA based on the limitations of the project’s guidelines based on
CXC requirements.

“Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure
the integrity of financial and accounting information, promote accountability, and prevent fraud.

Besides complying with laws and regulations and preventing employees from stealing assets or
committing fraud, internal controls can help improve operational efficiency by improving the
accuracy and timeliness of financial reporting.” – Investopedia

Internal controls are processes for assuring an organization's objectives in operational effectiveness
and efficiency, reliable financial reporting, and compliance with laws, regulations, and policies.

Internal control systems are systems put in place by a company to combat RISK. These systems are
put in place and the responsibility of a business’s management team.

Objectives of Internal Controls

 To ensure accurate and reliable recording and reporting of financial information

 To promote compliance with management’s internal policies and procedures, statutory
regulations and accounting standards.
 To safeguard assets of the organization from accidental or intentional loss
 To encourage the efficient use of the organization’s resources/operational efficiency
 To promote and monitor the accomplishment of the organization’s goals and objectives

Controls and be categorized in many different ways. Figure 1 described five categories that are often
used.

1
 CAPE Accounting Unit 1: Financial Accounting (FA)

Internal controls should provide reasonable assurance concerning the following:-

 Authorization – transactions are executed in accordance with management’s

Aimed at intentions.
prevention
 Recording – all authorized transactions are recorded in the correct amount, periods
of errors
and fraud and accounts. No fictitious transactions are recorded.
 Safeguarding – ensuring that the precautions and procedures appropriately restrict
access to assets.
Aimed at  Reconciliation – records are compared with other independently kept records and
error and physical counts.
fraud  Valuations – recorded amounts are periodically reviewed for impairment of values
detection
and necessary write-downs.

There are 2 categories of internal controls:

1. Accounting Controls – procedures designed to safeguard the assets and ensure that accounting
records contain reliable information. Where accounting controls exist the figures which make up
the financial statements can be relied upon to be accurate. The controls reduce the incidence of
unintentional errors and intentional irregularities .

2. Administrative Controls – these concern the evaluation of performance and the assessment of
the degree of compliance with company policies and public laws. These types of controls
promote efficiency of the operations of the business. This is done through training programmes
for employees and rewards for quality control.

In many smaller, unincorporated businesses such as sole traders and unlimited partnerships, the
responsibility for internal controls often lies with the owners themselves. In most cases, the owners
are fully engaged in the business itself, and if employees are engaged, it is usually within the
capability of the owners to remain fully aware of transactions and the overall state of the business.
As organizations grow, the need for internal controls increases. In a limited company, the Board of
Directors (BOD) is responsible for ensuring that appropriate internal controls are in place. Their
accountability is to the shareholders, as the directors act as their agents.

Internal vs. External Audit

BoD may establish a dedicated internal control function, an Internal Audit Dept. The point at which
this decision is taken will depend on the extent to which the benefits of function will outweigh the
costs.

2
CAPE Accounting Unit 1: Financial Accounting (FA)

The Components of Internal Control Systems

1. Control Environment – essentially management’s attitude and the culture of the

organization regarding compliance. This is the starting point or base for the effectiveness of
internal controls. This addresses the morale values, ethics, work philosophy, objectives and
management style of the organization.

2. Risk Assessment - process of identifying, analyzing and managing threats. It encompasses

both internal and external risks, seeing where the most critical risks lie, and then designing
controls to address those risks. Identify the risk, identify its possible impacts, assign priority,
design mitigating controls.

3. Control Activities – This is the use of accounting systems, information technology, and
other resources to ensure that appropriate controls are put in place and operating
properly. These may be manual or automated systems put in place and can controls
designed to prevent or detect breaches of policy and bylaws.

4. Information & Communication – A communication flow should be established to allow for

timely exchange of the right information to management.

5. Monitoring & Feedback – Using the information received in the previous step, management
must monitor the effectiveness of its controls, adjustments made where there are failures
and improvements made to the control environment.

Internal control is a process. It is not one event, but a series of ongoing actions and activities that
occur throughout each business’s operations and should be an integral part of every business.

3
CAPE Accounting Unit 1: Financial Accounting (FA)

Internal control systems can therefore vary from company to company but there are a general set of
principals, policies and procedures that have proved effective.

Principles of Internal Control Systems

1. Establishment of Responsibility – There should be clear lines of authority and responsibility.

This establishes a clear chain of command and assigns accountability. Includes the
authorization and approval of transactions e.g. cashiers being responsible for their drawer
only, supervisors required to approve voided transactions or items at the point of sale,
managers’ signing limits for purchase approvals. At the point of any discrepancy, the
responsible party is obvious.

2. Separation/Segregation of Duties – This involves splitting processes into multiple tasks so

no one person has control over an entire aspect of operations. It reduces the likelihood of
fraud or theft. Whenever possible, the functions of authorization, recording and custody
(hold/keep the assets) should be exercised by separate persons. e.g. In the case of a
business purchasing stock: The person or manager authorizing the purchase, should be
different from the accounts clerk recording the transaction and issuing the payment, and
should differ from the warehouse attendant who receives and verifies the delivery of the
goods. Each person in the process, acts as a check and balance for the other parts of the
process.

3. Physical, Mechanical & Electronic Control –

 Physical controls used to safeguard assets – security guards, not allowing
large bags in the store, lock boxes, vaults, safes, locks with limited access by
staff, separating stock and limiting access, security gates, burglar proofing,
floodlights, fireproof filing cabinets.
 Mechanical Controls – improve accuracy and reliability of accounting
information. Use of point of sale systems, cash registers, time clocks for staff
to record attendance and punctuality
 Electronic Controls – security systems, cctv, security tags on inventory,
password protected computers, back-up servers and firewalls to preserve
accounting information, key cards to monitor access to restricted areas.

4. Documentation Procedures – There should be evidence of transactions (source documents)

available before entries of transactions are entered into accounting records. e.g. A delivery
note (with a signature of the receiving party) would indicate that goods were delivered and
received, a purchase invoice stamped PAID is evidence that we were billed and we’ve paid
the bill. Documents should be pre-numbered and source documents submitted to the
accounting department in a timely manner so records can be kept up to date.

5. Independent Internal Verification – These are spot checks. Without notice, an internal but
independent person (usually internal audit or supervisor) verifies the work done by an
employee or group of employees. E.g. periodic physical stock count, review of bank recs,
supervisor’s review of cashier’s daily sales vs. cash balance. Discrepancies could indicate
theft, fraud, process inefficiencies like damages or clerical errors.

4
CAPE Accounting Unit 1: Financial Accounting (FA)

6. Other Controls – this is a Human Resources role.

 Job Rotation - when employees are rotated, other members of staff will take on
their role, verifying the work they’ve been doing and processes they’ve been
following.
 Vacation – when employees are on vacation, their role must be filled, and
discrepancies can be spotted by their relief.
 Background checks
 Proper Training
 Bonding Employees – obtaining fidelity insurance for employees who handle
cash – the insurance company will investigate and prosecute any employee
found misappropriating funds.

Limitations of Internal Controls

No matter how well designed and operated, internal control can provide only reasonable assurance
that all control objectives will be met.
Internal control systems are limited by:
 Intentional human error – collusion, fraud, theft, sabotage
 Unintentional human error e.g. poor training, stressed and tired workers are
mistake prone, the purpose of the control activity is not adequately
communicated to staff, carelessness, lack of clarity or poor interpretation of
control activities.
 Management overrides – a human aspect. Managers (depending on the
corporate culture) may influence compliance based on personal beliefs e.g. red
tape vs efficiency
 Cost-benefit - High costs to implement and maintain systems - the costs of
establishing control procedures should not exceed their benefits. Cost-benefit
principle: the cost of implementing a certain internal control procedure must
not outweigh the benefit that the company receives from the procedure.
Internal control systems difficult to implement and maintain adherence by small
businesses.
 Limited size of staff – segregation of duties and independent internal verification
may be difficult for smaller organizations with few workers.
 Poor or improper judgement from management when designing the internal
control systems. This is why consistent monitoring and feedback is key to re-
evaluation and adjustments.
 Unforeseen circumstances not accounted for.

5
CAPE Accounting Unit 1: Financial Accounting (FA)

Specifically, we can look at internal controls as they relate to the following elements of accounting: -

Internal Controls over Inventory

Inventories represent a large portion of a company’s investment, loss by theft, damage,
deterioration, or obsolescence may lead to lower sales and lower profits. So, adequate internal
controls must be implemented to ensure that stock is safeguarded. Inventory is one of the most
accessible assets, making it prone to theft (theft of a fixed asset may be more difficult vs theft of
inventory). Companies must manage inventory with regards to customer demand in relation to
purchasing/production times (allowing minimizing purchasing, order and holding costs – cash
outflows) and ensure inventory costs are accurately captured and reported.

Areas to be well managed in safeguarding inventory –

 Control over purchasing – the procurement process should involve clear policies and
procedures, segregation of duties, establishment of duties, physical/ mechanical/ electronic
controls, documentation procedure, authorization. Authorized Purchase requisition, issue
purchase order, delivery of goods, forwarding of approved invoice & docs to accounting dept
for payment

 Receiving – inventory clerk under the receiving dept differs from procurement dept,
restricted access to receiving area, touch count of goods upon receipt, signed delivery note/
goods receipt documentation, verify goods received against delivery note and purchase
order, storage in secured, safe environment. Tracking movement of goods & chain of
custody – well documented. Use of inventory management system to aid in tracking and
organization of stock.

 Sales – secure storage premises/area with fences, locks, security systems and/or personnel,
restricted access (staff and customers), insurance to secure physical assets. Verification in
the order fulfilment process – fulfilment matches customer order (billing and dispatch of
goods are separate), security camera in the store, no large bags, checking bills upon exit of
store, electronic sensors and security tags, special placement of small goods or high value
goods near to cameras or in view of cashier.

 Stock taking – track movement of goods to identify slow moving inventories. Minimum of
having a year-end stock check by independent internal persons. Allows company to adjust it
books to match its physical stock. Use of cycle counts (warehouse staff conducts small,

6
CAPE Accounting Unit 1: Financial Accounting (FA)

frequent counts of a small portion of the inventory, and investigate and correct any errors
they find)

Internal Controls over Cash

Cash control is the internal regulation of cash and cash-related policies in a business. There are
multiple components to cash. Cash includes currency notes, coins, and bills. Cash can be defined as
any money that takes the form of currency. Cash equivalents can be defined as investment securities
that mature within 90 days. Simply stated, cash equivalents are liquid assets that can be turned into
cash within a short period of time and are not affected by changing interest rates. Cash equivalents
include bank certificates of deposit, money orders, banker's acceptances, treasury bills, and
commercial paper. Cash must be kept under close scrutiny as it can be easily hidden and carries no
sign of ownership. Cash inflows and outflows must then be properly managed to prevent a shortage
or surplus (idle cash).

Internal controls in cash management refer to the guidelines for managing a cash account. Two
necessary important components of an effective internal control system for cash management are
first, the separation of duties and second, a written protocol for cash handling and disbursements.

Internal Control
Explanation
Measure

This ensures that no individual can exploit or operate the whole

Separation of duties system on their own. When duties are divided, it becomes harder
for fraud to occur.

Written protocol for A written protocol provides a foundation for integrity, allows for
cash handling and later access to transactions, and serves as a deterrent for
disbursements deliberate illegal transactions.

Employee background These are important in verifying that an individual can be trusted
checks to partake in cash transactions.

For a cash management control system to be effective,

personnel must be trained on the time value of money, how to
Training of staff
detect transactions' inconsistencies, how to ensure integrity
during transactions, and the overall importance of cash.

Lockboxes are a common internal control for cash because they

provide a safe and reliable mechanism for the short-term
Use of lockboxes
storage of customer cash. They also provide the security feature
of authentication.

An effective cash management control system must be bolstered

Reconciliation of by double entries and periodic reconciliation to ensure that
statements records are consistent. In this manner, it is relatively difficult for
fraud to occur.

Placing assets in well-defended locations prevents physical theft

Securing assets in safe
of cash and serves as a proper foundation for financial activities
locations
such as disbursement.

7
CAPE Accounting Unit 1: Financial Accounting (FA)

Cash is most susceptible to embezzlement at the points of receipt and disbursement.

Cash Receipts

 Cash receipts recorded immediately, at the point of the transaction.

 Incoming cheques immediately endorsed (prevents another party from cashing it)
 Customers should be given a copy of their receipt, acts as evidence to both parties, allows
customer to bring any discrepancies to company’s attention
 Cash should be deposited in the bank regularly, minimizing loss from theft, ensuring safety
of staff and premises from robbery. Use of night deposit box if needed, armoured security.
 No cash on board or prepayment arrangements to control cash inflows
 Check cash discounts given to customers

Cash Disbursements (Payments)

 Utilize cheque payments or credit transfers over cash disbursements to help control
outflows
 Use of petty cash for small outflows – managed by responsible personnel.
 Match and attach receipts to paid invoices
 Bank reconciliation – compares bank statement to a company’s general ledger to ensure all
transactions are accounted for and that the balances match. Deposit slips, returned

8
CAPE Accounting Unit 1: Financial Accounting (FA)

cheques, bank statement are used. Balances that do not agree are due to issues of timing
and errors.
 Voided and cancelled cheques (even if soiled, damaged and written in error) should be kept
and noted, the physical check should be clearly defaced to prevent its salvage and misuse
and as evidence that that cheque # was not disbursed.

Accounts Receivable (Debtors)

The purpose of accounts receivable internal controls is to ensure that sales invoices are properly
recorded and that customers pay promptly in accordance with the agreed terms of business.

Separation of Duties is key in the internal control system as related to managing accounts receivable.
Segregate the duties of staff having different people deal with invoicing, accounts receivable, cash
collection, and the review and reconciliation of accounting records.

 The person keeping the accounts receivable ledger should not access cash.
 The person who handles cash should not issue credit notes.
 The person who handles cash receipts should not have the authority to write off bad debts.

Imagine the following scenario – Without segregation of duties, an employee who receives a cash
payment from a credit customer, does not enter it into the books, leaving an owing balance in the
customer’s account. The employee can then either write off the debt as a bad debt or issue a credit
note to ‘balance off’ the outstanding balance.

Internal Control measures for Accounts Receivable:

 Implement credit customer approval process – customers must meet criteria to qualify for
credit, approval or authorization required

9
CAPE Accounting Unit 1: Financial Accounting (FA)

 Separate the invoicing function from the cash collection function and separate the accounts
receivable function and cash collection function, Restrict access to the billing software
 Review credit balances on accounts receivable accounts
 Produce an aged accounts receivable report and review the balances, particularly on large
and overdue accounts.
 Check cash settlements discounts given to customers

Accounts Payable (Creditors)

Accounts payable controls are used to mitigate the risk of losses within the payables function.
Payables controls can be broken into three general categories: verifying the obligation of the
business to pay suppliers (only pay for the goods/services received), entering the payables/credit
data into the accounting system or records, and payment of suppliers/vendors.

 The person who keeps the accounts payable ledger (accounting records) should not sign
cheques or authorize payments
 The person who signs cheques should not receive goods or services/sign goods receipt
notes.
 The person who signs cheques should not initiate purchase requisitions.

Imagine the following scenario –

Internal Control measures for Accounts Payable:

Verify obligation to pay suppliers

 The person in a position to authorize payment approved supplier invoice

 Three way match - Purchase Order, delivery/receiving note and invoices should
match
 Ensure invoice numbers by a supplier are not duplicated before payment is
made

Entry of payables data into records

 Only record transactions after approval

 Standardize how data is entered e.g. invoice number and its format, date format
 Verification of general ledger account affected/charged, matched to
corresponding budget

Payment of suppliers

 One person should prepare checks, and a different person should sign them. By
doing so, there is a cross-check on the issuance of cash.
 Store all Checks in a Locked Location
 Track sequence of cheques used
 Cash disbursements made promptly upon becoming due
 Payable balances should be reconciled with received supplier statements

10
CAPE Accounting Unit 1: Financial Accounting (FA)

Electronic Data-Processing Accounting System

Electronic data processing, also known as EDP, is a frequently used term for automatic information
processing. It uses the computers to manipulate, record, classify, summarize, store, retrieve and
analyze data. A computer is the best example of an electronic data processing machine. Electronic
data processing is an accurate and rapid method of data processing. Terms similar to EDP,
Management Information Systems (MIS) and Information Systems (IS).

The Data Processing Cycle

EDP is useful in accounting, inventory management, payroll, and human resources

EDP needs to be supported by policy and procedure (standard operating procedure). This ensures
staff training is consistent and that there are efficient flows of information along the processes
within a company according to management’s intentions.

 Computer programs are password protected to prevent unauthorized access.

 Staff transactions and activities can be tracked and traced based on user profiles,
authorization is built into these user profiles, restricting access as needed.
 Produces and manages sequentially numbered documents
 Improved accuracy due to automatic computations
 Detects improper processing of data – eg. Gives error messages or prompts for duplicated
cheque numbers, invoice numbers, missing information, missing authorization
 Manages document approvals/authorization

Data security & recovery:

Hardware to be protected from physical threats and requires maintenance.

Software to be protected from viruses, hackers – encryption, firewalls. Data should be backed up
daily to prevent or minimize loss of data – external hard drives, cloud storage, off-site servers.
Password protection with periodic password updates and encryption restricts access. May need to
limit staff use of storage devices to limit leakage of company records.

Pros of EDP: Time saving, accuracy improved, reduced paperwork & filing function, easy to access
historical info, easy to share information, information available from offsite (remote working), easy
confidentiality management of company data.

11
CAPE Accounting Unit 1: Financial Accounting (FA)

Cons of EDP: Cost of implementation and maintenance, ease of sharing information, technology
failures and downtime, only as effective as its users (training & hire competent/quality staff)

The Role of Audit

An audit is the on-site verification (inspection or examination) of a process or quality system, to
ensure compliance to requirements. An audit can apply to an entire organization or might be specific
to a function, process, or production step. Most commonly, persons use “audit” to refer to a
financial audit or the verification of the financial records of an organization as represented in its
financial statements.

The external auditor is an external and independent person or company that reviews the financial
records of a company to make sure the information represented in an organization’s financial
statements are accurate and fair. External auditors are hired by the Board of Directors on behalf of
the shareholders, they set their objective and have free reign over what they audit. They report to
the shareholders via their Audit Report which is presented with the organization’s published
financial statements. Only interested in financial information and the processes that accompany
financial records. E.g. KPMG, Deloitte, PWC, Gran Thorton.

The internal auditor belongs to the independent appraisal function (department) established within
an organizations to examine and evaluate its activities as a service to the organization. The internal
auditor is hired by management of the company, are assigned objectives by management and report
to the Board of Directors to remain independent and unbiased. Internal auditor looks at both
financial and operational information, reviews efficiency and effectiveness and accounting and
internal control systems.

Types of Audits

1. Operational Audit – tests efficiency of business’s activities

2. Compliance Audit – tests controls and policies set by management

Differences between Internal and External Auditors – Study Guide pg 147.

12