In this presentation we will introduce the topic of internal controls. Internal Controls been policies within an organization in order to achieve certain objectives those objectives including the safeguarding of assets, having reliable accounting records, efficient operations, and company policy alignment. We’ll get further into what each of these categories mean in detail. However, first we want to discuss the fact that internal controls will change from organization to organization and industry to industry will have similar objectives between organization to organization industry to industry, however, the customization of the internal controls will differ in order to have an optimal amount depending on size of company and type of industry. For example, a small company often one run by one individual will have very much fewer internal controls for multiple reasons. One that that individual can really monitor A lot more of the transactions for a small company and have direct contact with the transactions that are taking place.
Whereas in a large company, there’s going to be a lot more decentralization, we’re gonna have to delegate authority in order to record many different types of transactions. A small company also will not have the same level of organizational structure, they won’t have the number of employees to be able to implement some of the different types of internal controls often having to do with a separation of duties. So the owner often then will be a major component in running most of the processes in an internal control process. There are some internal controls that will be needed for both small companies and large companies. Some of the most common internal controls that we would want to make sure we have in place, even if we’re a small company are going to be things like signing the checks, we don’t want the bookkeeper to be signing the checks and the authorizing transactions and recording them into the system. Also reconciling the bank account are covered Things that we would for sure want a small business to take place in, and therefore reduce the likelihood of fraud. A larger organization, of course, is going to have a lot of more decentralization, there’s going to be a lot more things that are going to need to be delegated to other types of management.
And in order to do that, effectively, we’re going to have to introduce internal controls. It’s also it’s also we need to note that as a company gets larger, it starts to become more of an entity people see it as more of an entity than an individual person. And they can therefore justify possibly fraud to themselves. They can rationalize different types of activities, whereas they might not be as easily rationalized double, when we talk about a small organization. Therefore, a larger organization needs to set it up in some policies to safeguard against having fraud or other type of objectives not being met with internal controls. So the goals of internal controls will include safeguarding of assets. So clearly, we want to make sure that we have policies in place, most obvious being that we are going to lock up our assets, probably our cash and restrict access to it to key individuals. So that’s going to be our goal that we’ll be putting in place specifically when we think about implementing internal controls.
And when we do implement internal controls, we want to have a really definite knowledge of what the goal is, we are going for with that specific internal control so that we can design it most effectively. So we want a reliable accounting records, we’re going to have to rely on these accounting records in order to see how we’re doing judge performance and therefore the internal controls should be set up in such a way that our accounting records are done properly, then we want to have efficient operations. So the internal controls also can be set up of course, in order to manage things better in order to get the operations flowing better in order to go through the processes more efficiently and thereby By having a business run more efficiently note that internal controls in general, we might think of as actually slowing up a lot of different processes because they’re going to be processes in order to safeguard assets and have reliable records, we might be jumping through a different some more hoops that we may not need. If we were to take those out, and we could still get the job done, however, we would lose some of our safeguarding of assets and reliability.
So the efficiency factor, we could have some internal controls in place in order to get more efficient. And other times of course, in order to achieve other goals, we may actually be extending the processes that could go faster in order to achieve some of these other goals like safeguarding the assets and reliable records. Then we have company policy alignment, we want to set up the internal controls in such a way that people are incentivized and supervised in enforcing company policies. So we want to make sure The controls are in alignment and incentivizing those policies. Now we’re going to discuss some internal control principles that will be put in place in order to achieve the internal control goals. first principle, establish responsibility. This seems to be something that would be obvious, but it really is something that we want to make sure that we have some responsibility for the particular outcomes. If we do not assign good responsibility, then if the outcomes do not match what the expectations are, we won’t know who to hold accountable, and therefore we won’t be able to take any action.
So being able to assign responsibility to particular outcomes is going to be key for us to implement controls and monitor those controls. We want to maintain records and clearly the accounting is going to be important in terms of record keeping. record keeping is going to allow us to assess how we’ve been doing and how we can do better going forward. So we need something to analyze. That means we have to store the data With records, separation of duties is probably the main internal control we want to think of when we think of internal controls. For a larger organization, we are typically thinking of separation of duties. One big separation being the separation of custody of assets and recording of assets into the system, we don’t want those two things. We want to separate them as much as possible so that someone couldn’t, for example, steal cash and record the theft in the system at the same time. So the separation of duties in many different areas is going to be a key component of internal control, when we want to understand when applying an internal control system and when working within a system, because this is one area where we might say, Hmm, it would be faster if I could do this and this, and we need to realize that there’s a reason we can’t do those two things.
That’s part of the internal control system. And that’s part of kind of the bureaucracy of as companies grow. They help us to safeguard assets, but they could also lead to more steps within a process. Then we’re gonna have technology controls, we’ll talk a little bit more about technology type controls, as we get more technology, of course, the systems of controls will change, meaning we could separate duties a little bit more easily with different type of technology, because the system will allow us to do that we have less than a paper trail oftentimes, which is the records here. But we can also set up systems within our database system to have more of an audit trail, more of a trail of what is going on, as well. So technical controls, then technological controls, and we won’t have reviews, we want to go through the process. Once we have our records. Once we have our information that we have done, we want to be able to go back to it and say, Okay, how did we do? Let’s review this process and see if everything is functioning as it should.
Now we’ll go through these principles in a little bit more detail. We’ve got the establishing responsibility That’s going to be the idea that we want to make sure that one individual is assigned for particular information. So if it’s the entering of the bill, the bills, we want to have an individual that is responsible for that information. If that is not being done, then we can assign responsibility and know who is responsible. This does get more confusing than we might think after time, we might say what type of outcomes are people responsible for. And if we really dig down on it, we might start saying there’s more than one individual that is responsible for these outcomes. And therefore when we look at the measurement when we look at performance, and we say, performance is lower than it should be in a particular area. If we don’t have defined responsibility, then we won’t be able to know who who to go to in order to improve information. And we’ll also have problems in terms of different people probably pointing fingers because to others because it because of this responsibility problem.
If we assign responsibility, people feel more empowered over what it What it is that they’re doing and they feel empowered when things are going well, as well as our responsibility when things aren’t going well to improve the information, maintain records. Clearly, the record keeping is going to be important for many different reasons. One, we want to make sure that we’re collecting the data so that we can go back and we can review the data that we are putting in place and see if everything is as it should be. And of course, if we don’t have accurate records of what we have, it’s a lot easier for theft to happen, because we won’t know of it as easily if we don’t have the records to keep in place in order to detect problems. Good record keeping system using the double entry accounting system will also reduce greatly problems related to data input error, and that’ll make our whole system work better and that’ll make it less likely that we will have problems and be easier than to be able to have data that we can read and make decisions on in terms of financial statements, separation of duties. This is going to be the idea of having different people in charge of certain operations.
And the goal being that it will reduce the amount of one person’s ability to commit fraud by being in control of two separate items. For example, we want to make sure that we have different people involved with cash handling, and the recording of cash. And if that’s the case, then the person handling the cash knows that they can’t really steal the cash without it being detected by the person recording the cash and the person recording the cash doesn’t really have an incentive to falsify the records in any way, because they don’t have physical access to the cash to do that for now, that of course means that these two could collude. And that becomes kind of a bad word in terms of internal controls, meaning they could get together and circumvent the system by colluding together In order to commit fraud, that’s going to be a danger of internal controls, which is inherent just within internal controls. And then we want to have reviews reviews of the system.
Now, when we look at reviews of the system we’re really looking at, oftentimes one of the goals is to see if there’s compliance with the internal control system, are we following all the steps and there might be a lot of steps within a certain internal control process. And it could be the case where some individual might say, Hey, you know, I found a system that’s faster to go from one to done pretty quickly. And now, the reason and you might have to explain in that point system, you want to have some outside person, maybe another internal auditor, someone not involved in actually processing the system, preferably to go in and review the system. Because if we’re in the system, we may not realize that Yeah, there might be a shorter way to do it. But by doing it in a shorter way, we’re not achieving some of the goals that we were looking for in other capacities, meaning we’re not safeguarding our assets. As much as we could, if we shortcut the process or something like that, and therefore, because there’s an incentive to circumvent the steps and have different steps, and have shorter steps, if we don’t enforce the internal controls, we got to review them and make sure that all the steps are being going through so that we are having effective internal controls not just in terms of what they are the planning of them.
But in the execution of the internal controls, technology and internal controls. Technology is going to have some pros and cons. When it goes to internal controls. Obviously, we have more information, being in a technical nature, we’re doing less paperwork, the more the most common type of technology being the fact that we have all of our accounting information, typically in some type of database program. One of the benefits to that is it’s going to reduce fewer errors, we’re gonna have fewer errors as we put the information into a database program, because we’re not gonna have those errors which is adding and subtracting information. We could still punch the number in incorrectly. But hopefully the double entry accounting system will help pick up some of those errors. And we can do some other cross checks to pick that up. But just adding subtracting types of errors or pulling one number from one column to another, is something that a computer system will do and reduce the amount of errors in regards to those types of activities, more accessible information, I clearly when we have the database program, we can pull up different types of information much easier.
And the fact that we can do so means that we can go in and make reviews a lot more easy if we if we go into audit something, it’s a lot easier if we don’t have to go into paper files and pull out all the records and dig through a manual GL and a paper or general ledger in order to find transactions if we can go through there and pull in this information in a relevant format from a database program. That really helps us to be able to review information more often and more accurately, changes in the audit trail. Now there could be pros and You’re obviously an automated system, the goal is to have it automate as much as possible. So if we’re talking about a database program, we’re gonna have a lot of transactions that database program will do for us. And therefore we won’t have a person involved that could in some ways reduce like the type of paper trail that we will have. Whereas if we did it in a manual system, we would know who’d be responsible for the entering of that data. And we would know the forms that would be involved and we can have a more standard paper trail. So that can be a problem.
However, there’s also types of ways that a computer based system can account for that problem and, and create different types of trails of activities to help the the audit trail. So there’s differences there, there’s pros and cons, but a good system is getting better at making that trail so we can see the activities happening, separation of duties within within software, the software can help us to separate duties because we can basically have have access to different components within the software in order to separate duties. So that can be very helpful for an organization or in order to assign responsibility and separate what one individual can do as opposed to another individual, which is one of our objectives in terms of internal controls. Also, e commerce, of course, is something that’s going to be a lot more relevant to a lot of different types of companies. And the technology involved is a big component in terms of why just e commerce in and of itself is a type of industry that is picking up internal control fraud problems.
Now, there’s always there’s always going to be problems with internal control, there’s always going to be some type of problem in the system. There is no perfect internal control system. In other words, no system that will totally reduce the ability for fraud to happen. What we can do is lessen the likelihood of fraud to happen. happen. And we can do this a lot, we would think that most of the time we think of that fraud will be reduced if we just have better hiring tactics if we hire better people. But there’s actually a lot we can do within the system within our company in order to reduce the likelihood of fraud. And in order to do that, we first want to get an idea of what are the components of fraud, what makes fraud happen, or more likely to happen. And the components typically, would be opportunity, pressure, and rationalization. These are the three things that increase the likelihood of fraud. Opportunity, of course means that there’s an opportunity to or at least a perceived opportunity to, to commit fraud and not be caught from the fraud that would be committed.
So if we don’t have good internal controls, if we don’t have separation of duties, then it may be possible for someone to do that to actually commit fraud and have a low likelihood of being caught. And therefore that would increase the likelihood of fraud to happen. We need to safeguard that by one having internal controls to make it more likely that a fraud would be caught and to be able to express that people should know that within the system and and know that and therefore their behavior fraud will be less likely. Pressure, obviously, financial pressure being a huge component. If people are are under financial pressure, they’re much more likely to commit fraud. And we just need to, of course, in our internal controls, it’s hard to know that of all of our employees what type of pressure there is, but we can within our system, be able to, you know, have a better understanding of our employees and know what type of pressure and problems are involved.
And the reduction of presser will reduce the likelihood of fraud, and then rationalization, something that we all do. And note that rationalization is something that we typically do after decision making meaning we typically make a decision and then rationalize the decision we made. And that’s why fraud can escalate over time, because after an activity has happened, we’ll rationalize it and It probably more likely it could happen, or that same behavior will be done in the future. So if there becomes a culture of fraud or something like that, or a culture of not catching fraud or something, then it’s likely that that that kind of culture can escalate to larger problems.
Whereas if we are able to catch the fraud early, then we are going to have less of this rationalization within the company as a whole. And we’re going to have less problems with it. So rationalization is going to be just inherent to people when, when we have actions we tend to rationalize it, how can we reduce that? Well, we can reduce, we can try to catch the fraud earlier through the internal controls, and show the show the the consequences of fraud and thereby reduce the likelihood or catching it early or reduce the likelihood of it going on for a while and thereby allowing for rationalization to take place.