Any Business exists to achieve its primary objective. Such objectives can be Profit or Service Oriented. Each organization comprises various departments, and each department can function effectively only if there is a proper establishment of controls. Here controls are specific rules or standards. Each department might consist of more than one control. So, we will try to learn what are the advantages of internal control system in auditing in this article.
Estimated reading time: 9 minutes
Table of contents
- Advantages of Internal Control System in Auditing
- Example for Errors in Internal Control:
- Recommended measures to avoid frauds
- FAQs for Advantages of Internal Control System in Auditing
- Summary of Advantages of Internal Control System in Auditing
Entities will place controls in the areas where the risk of happening fraud or error exists. For example, a Control is cheque(Checks) higher than $50k needs to be reviewed by the Manager and approved by Senior Manager of the treasury department. This control’s objective is to ensure that the disbursement of high-value transactions is not under the influence of just one person. In other words, this is a classic example of the maker and checker. These kind of controls reduce happening of frauds to some extent.
The existence of Controls does not mandate 100% fraud free environment. But, they will ensure to bring down the risk to a acceptably low level.
Controls can be Manual or Automated. The above example is a Manual control, and Automated control is the one that does not have or has minimal involvement of humans.
Advantages of Internal Control System in Auditing
Assists in Substantive Procedures
Effective and Efficient Internal Controls reduce the extent of performing substantive procedures. If the controls are good enough to restrain the basic errors or deviations in the work flow, then it results in lower selections for performing the test of details (or) higher thresholds for substantive analytical procedures. Lets break it down this advantage in detail.
Test of details
Test of details is a substantive procedure for auditing account balance by picking selections from the population. Here population means the current audit period activity. Auditors need to validate the business purpose of each selection with inquiries, supporting like invoices, agreements, and Email communications.
Analytics is a different substantive procedure where we will arrive at independent expectation and compare it with current year actual balance. We need to subject the difference between the expectation vs. actual to a threshold. If difference exceeds thresholds then audit team need to increase the further audit procedures.
Determining a threshold depends on risk factors, control reliance, and previous year error. For example, the threshold will be 30% of the actual balance if the risk is lower with controls operating effectively. If the controls are not existing or not operating effectively then the threshold might be 20%.
If the thresholds is higher then there will be higher chance of difference (between actual and expectation) being within the threshold.
Determining the percentages will depend on the auditor professional judgement as well.
Supports Risk Assessment
Performing Internal Control Walkthroughs and testing helps in a good understanding of the business process. It also helps in performing a risk assessment of the account balance. The audit team needs to find out the range of risk (Lower/Higher/Significant/No risk) in relating to an account balance as per the understanding obtained through walkthroughs, prior year knowledge and preliminary analytics.
Internal Control over Financial Reporting
Internal Control over Financial reporting helps ensure the statement of financial position represents an accurate and fair view. So, auditors need to test the controls over financial reporting to check if those are also operating effectively.
Ensures Compliance with all the applicable statutory acts. Thereby reduces the penalty or interest charges.
Assists in finding Frauds
Reduce the occurrence of frauds or errors by installing a proper procedures within each of the entity divisions.
Segregation of Duties
Any transaction shall not be under the control of one person to avoid intentionally framed frauds.
For example, entity policy ensures that the Manager authorizes all the expenses before Payments are made by Cashier, and the Manager validates the business reasons for expenditure. If there is no segregation of duties, the Cashier can create a voucher and prepares a fake bill of $100 each month. The frequency of this fraud bill is low, and the amount is not significant to find out. These kinds of frauds by employees are not easy to determine unless there is a segregation of duties.
The segregation of duties is another word for a maker and checker policy. Following the above advantages of Internal Control System in Auditing will reap benefits such as higher reliable audit evidence, lower extent of testing and more reasonable assurance that financials represents a true & fair view.
Example for Errors in Internal Control:
Dislike is a company in the business of Sale and installation of Solar Panels. The company has a very Large Sales and Marketing team (Approximately 100,000 employees) to improve the sales. Marketing Employees have reimbursed the telephone charges every month as per company policy. So, there are no formal approvals for telephone expenses reimbursement.
Mr. Scam is the only person who has authority in the Finance department to take care of Payroll and all reimbursements. As there is no segregation of duties, Mr. Scam had laid out a plan to misappropriate the company funds. He created 100 fake employee profiles and paid the monthly telephone charges. These reimbursements happens for nine months, and then Mr. Scam left the company before the audit team performs the testing. The number of fake employees are negligible in comparison to the total strength. So, it was not easy to find out about such fraudulent activity. Further, there will be lot of financial loss by the time such fraud comes into light.
The above example is a perfect example of embezzlement by employees. Employees within the same division of the company are aware of every aspect of the workflow. So, it’s an easy way for them to plan such frauds.
Recommended measures to avoid frauds
We can consider taking the following measures to avoid Employee frauds
- Always recommended to have internal mobility of employees from one division to other within a business unit
- Perform regular Internal audits. An element of surprise shall be there within the audits
- Concurrent audits will be even better. In other words, there shall not be any gap between the occurrence of transactions and their verification. For example, all the current day transactions are to be verified by the following day
- Mobility of Employees from one business unit to another
- General IT Controls relating to the entity applications are also be audited
FAQs for Advantages of Internal Control System in Auditing
What is Internal Control and its advantages?
Internal Control is a workflow within a business division to ensure the activities happen as designed and support in achieving the set of objectives. In other words, those controls are core steps within the entity standard operating procedures to prevent frauds.
What are the types of internal control system?
Internal Controls can be of two types Automated Control and Manual Control.
Manual control is the one that does not have any involvement of automation.
Manual Control Example
Every application for opening an account in a bank needs to be verified by Supervisor and authorized by the Manager before entering into the centralized banking system.
The above control helps to ensure that there is proper authorization of all requisite application forms and identity and address proofs before opening a bank account. This procedure helps to check that no persons debarred from performing banking transactions are allowed to open a bank account.
Persons debarred like individuals whose credit scores are not favourable.
Automated Control is Control where most of the steps are performed automatically by an Information technology application.
Automated control Example
Three-way match – “Invoices, Purchase Orders and Goods receipt note shall match for processing a transaction.” Different departments update these three documents within the IT application, and the quantity, vendor details, and description of items shall match before allowing for further processing.
Why is separation of duties important for internal control?
Separation of duties results in more than one person having control of the workflow activities, reducing fraud.
What are the 3 types of internal controls?
The three types of Internal Controls are Preventive, Detective, and Corrective.
Preventive controls help in preventing the happening of errors or deviations within the workflow. For example, the Accountant enters the Sales journal entries into the SAP and is posted only after authorization by the accounting manager. This procedure helps to prevent the recording of inappropriate entries.
Detective controls help in detecting the deviation after the happening of events. For instance, the internal audit team verifies all the reimbursements made to employees daily, which helps to detect incorrect outflow of funds from the business. If there are any deviations, then we need to remediate those immediately.
Corrective Controls are to bring back the deviations in workflow based on the outcome of detective controls. There might be some gaps within the workflows. So, corrective controls helps in fixing those gaps. For example, physical verification of stocks is performed and noted high discrepancies. So, physical tracking by bar codes is introduced as a corrective measure. That’s an example of Corrective controls.
Summary of Advantages of Internal Control System in Auditing
An audit helps verify whether the Internal Control System is designed and operating effectively. If the internal controls are performing well, then the audit team’s extent of testing will be lower.
Internal controls helps in reducing frauds or errors. So, in turn, it results in the presentation of true and fair balance sheet and statement of profit and loss account.
There are different internal control types based on how they operate, like Preventive, Detective, and Corrective. We can categorize the controls based on an nature of operation, such as Automated and Manual controls. From an accounting perspective, the primary objective of controls is to ensure the books of accounts are free from errors , irrespective of the different categories of controls. The auditor’s focus is to check if such primary objectives are appropriately achieved.