It designed to provide reasonable assurance regarding the achievement of objectives
Internal control is relevant to everyone in the workplace. It represents our moral responsibility to understand and comply with University policies and procedures, as well as to hold ourselves and one other accountable. The primary purpose of internal controls is to help safeguard an organization and further its objectives. Internal controls function to minimize risks and
protect assets, ensure accuracy of records, promote operational efficiency, and encourage adherence to policies, rules, regulations, and laws. Internal control—a process affected by a college or university's governing board, administration, faculty, and staff—is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: This definition reflects certain fundamental concepts: Internal controls can take many forms. On a daily basis, we encounter many controls both inside and outside of the office. Everyday Personal Internal Controls
University administration is responsible for developing a strong internal control system that will ensure compliance with applicable laws, policies and procedures, adequately safeguard University assets, and ensure proper and accurate reporting of University activities. It is important to note that an audit does not relieve University administrators and employees of assigned responsibilities. Therefore, University management should not place reliance on an audit as an oversight control in lieu of management’s supervisory oversight responsibilities. Internal Control DefinitionInternal control is a process designed by a college or university’s governing board, administration, faculty and staff to provide reasonable assurance regarding the achievement of objectives in the following categories:
This definition reflects certain fundamental concepts:
Internal Control Benefits
Key Internal Control ActivitiesSegregation of DutiesDuties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For example, responsibilities for receiving cash or checks, preparing the deposit to the Cashier’s Office, and reconciling the deposit to the cashier’s receipt and Balances should be separated. StructureOrganizational structure – lines of authority and responsibility – should be clearly defined so that employees know where to go to report performance of duties, problems and questions related to position and the organization as a whole. An organization chart is a good means of defining this structure as long as it is kept up to date. Part of the structure is also the rules that employees must abide by. Written policies and procedures provide guidance to employees in carrying out their duties, provide for clear rules on allowable and expected activity, as well as provide means for enforcement. The department’s lines of authority and policies and procedures should be reviewed periodically to ensure they are in agreement with the organization’s strategic mission. Authorization and ApprovalTransactions should be authorized and approved to help ensure the activity is consistent with departmental or institutional goals and objectives. For example, a department may have a policy that all purchase requisitions and invoice vouchers must be approved by the director. The important thing is that the person who approves transactions must have the authority to do so and the necessary knowledge to make informed decisions. Reconciliation and ReviewPerformance reviews of specific functions or activities may focus on compliance, financial or operational issues. Reconciliation involves comparing transactions or activity recorded to other sources to help ensure that the information reported is accurate. For example, revenue and expense activity recorded on accounting reports should be reconciled or compared to supporting documents to ensure that the transactions are recorded timely, in the correct account, and for the right amount. SecuritySecurity may be physical, electronic (information system controls) or both. Equipment, inventories, cash, checks and other assets should be secured physically and periodically counted and compared with amounts shown on control records. For example, the periodic physical confirmation of equipment by individual departments is a physical security control. Virus detection software should be current and updated regularly to help protect integrity of systems. Hardware and access controls (passwords) should be changed periodically and rigorously safeguarded to protect from unauthorized access to database, computer systems, etc. Special physical and software controls (such as encryption software) should be developed for systems containing sensitive and/or confidential information. Control LimitationsInternal controls, no matter how well designed and operated, can provide only reasonable assurance regarding the achievement of objectives. The concept of reasonable assurance recognizes the cost of internal controls should not exceed the benefits derived and also recognizes evaluation of these factors requires estimates and judgment by management. For objectives related to the effectiveness and efficiency of operations, internal controls can only help to ensure management is aware of the entity’s progress or lack of it. Limitations which may hinder the effectiveness of an otherwise adequate system of internal controls include:
Additionally, controls can be circumvented by collusion of two or more people. Even more important to recognize, management has the ability to override the internal control system. These factors, combined with changing needs and personnel, make it risky to project any evaluation of internal control to future periods. On an ongoing basis, management must evaluate business risks and the controls needed to manage those risks and keep existing controls effective. Management evaluation generally leads to periodic adjustments and corrective action, which also helps assure the continuing effectiveness of the internal control system (see Risk Assessment). Is a process designed to provide reasonable assurance regarding the achievement of objectives?Internal control is a process, effected by those charged with governance, management, and other employees, designed to provide reasonable assurance regarding the achievement of the entity's objectives relating to operations, reporting, and compliance.
What is the reasonable assurance that internal control provides?Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance: That information is reliable, accurate and timely. Of compliance with applicable laws, regulations, contracts, policies and procedures.
What does the concept of reasonable assurance suggest?Reasonable assurance includes the understanding that there is a remote likelihood that material misstatements will not be prevented or detected on a timely basis. Although not absolute assurance, reasonable assurance is, nevertheless, a high level of assurance.
What is reasonable and absolute assurance?Reasonable assurance is a high level of assurance, similar to absolute assurance but with reasonable assurance, there is still a remote likelihood that material misstatements exist. Whereas with absolute assurance, there is no likelihood of material misstatement. The difference between the two is stated in the name.
|