This document discusses the importance and concepts of internal controls. It defines internal controls as processes put in place by an organization's management to help ensure reasonable assurance of achieving objectives related to operations, reporting, and compliance. The document outlines the COSO definition of internal controls and discusses the objectives of controls in taking CARE of a business through compliance, accomplishing objectives, reliable reporting, efficient operations, and safeguarding assets. It also describes types of controls, business risks, and the five key internal control activities of separation of duties, documentation, authorization and approvals, security of assets, and reconciliation and review.
2. Lets start the topic with a quick chitchat
Lets discuss the topic with some general concepts and terminology to
remind ourselves of the basics we already know and use everyday.
As listed company’s managers and employees, we are accountable for the
resources entrusted to us and for ensuring our programs and services are
administered effectively and efficiently.
A significant component in fulfilling this responsibility is ensuring that an
adequate system of internal control exists and work
Significance of Internal Control 2
3. What is Internal Control – A Simple words
Internal control is what we wish to see the things to happen should happen …
And the things which don not want to happen, should not happen
Significance of Internal Control 3
4. Internal Controls in Common Sense
What can go wrong?
What steps we should take to
assure it doesn’t?
How to make sure that things are
under control?
Significance of Internal Control 4
5. Internal Controls in our day to day life
We all follow internal Controls in our daily life, Like –
Locking the house, when we go out.
Copies of important documents in your safety box
Lockers for Jewellery
Keeping complex password of our Internet Banking
Make travel plans, to have cheaper flights tickets
Significance of Internal Control 5
6. The COSO* Definition of Internal Control
Internal control is a process, effected by an entity’s board of directors,
management, and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
*Committee Of Sponsoring Organizations of the Treadway Commission
Significance of Internal Control 6
7. Objectives of Internal Controls
Strategic – high-level goals and objectives, aligned with and supporting the
mission. Example – Mergers and Acquisitions of competitors business
Operational – effective and efficient use of resources. Effective – Less errors
more production, efficient – use of waste/by products
Reporting – integrity and reliability of reporting.
Compliance – compliance with applicable laws and regulations.
Stewardship – protection and conservation of assets.
Significance of Internal Control 7
8. What Internal Controls Do –
Take C.A.R.E.S of Business…
Compliance with applicable laws and regulations.
Accomplishment of the entity’s mission (objectives and goals).
Relevant and reliable financial reporting.
Effective and efficient operations.
Safeguarding of assets.
Any examples in our company where internal controls are not implemented (we
will discuss on effectiveness of internal control separately)
Significance of Internal Control 8
9. Types of Business Risk
Five Major Risk in Business –
1. Strategic Risk - Company’s strategy becomes less effective, due to technological changes, a
powerful new competitor entering the market, shifts in customer demand, spikes in the costs, A
classic example is Kodak, invented a digital camera in 1975. Where as Xerox quickly swifted from
photocopier to laser printing.
2. Compliance Risk – Risk of penalties and loss due to non compliance. Example Nestle Maggi,
Pharma Companies, for real estate its RERA and GST
3. Operational Risk - Operational risk refers to an unexpected failure in your company’s day-to-
day operations. It could be a technical failure – System does not give pop up of advances and
people also fails to check advances before making new payment, or caused by people or processes
– No process of PO/WO approval and payments.
4. Financial Risk – Risk with money flowing in and out of your business, and the possibility of a
sudden financial loss. Like – Client Concentration, Bank/fund concentration. Short Term fund
used for long term asset.
5. Reputational Risk - major lawsuit, an embarrassing product recall, high-profile criticism of your
products or services. Examples – Chinese Mobiles, Investment with Anil Ambani co., #Metoo,
#deletesnapchat #deletefacebook.
Significance of Internal Control 9
10. Types of Control
Three types of Controls –
1. Preventive Control – Preventative internal controls are put into place to keep errors and
irregularities from happening.
Login and Transaction password is separate, OTP for any financial transaction. Other preventative controls include
Maker checker, data backup, segregation of duties (SOD), system authorizations
2. Detective Control – Detective internal controls are designed to find errors after they have
occurred. They serve as part of a checks-and-balances and determine the efficiency of
policies/people.
Like- Surprise cash verification, Inventory verification, peer reviews, Audits.
3. Corrective Control - Corrective internal controls are put into place to correct any errors
that were found by the detective internal controls.
Like – Enforcing new policies/procedures, introducing approval mechanism or systems (if required)
Limitations – Residual risk – Kuch na kuch toh reh hi jata hai…Example – Seat belt,
Installation and use of seat-belts reduces the overall severity and probability of injury, however,
probability of injury remains when in use
Significance of Internal Control 10
11. Five Key Internal Control Activities…
Significance of Internal Control 11
12. Five Key Internal Control Activities…
1. Separation of Duties (SOD) –
Divide responsibilities between different employees so one individual doesn’t
control all aspects of a transaction.
Reduce the opportunity for an employee to commit and conceal errors (intentional
or unintentional) or perpetrate fraud.
2. Documentation – Document & preserve evidence to substantiate:
Critical decisions and significant events...typically involving the use, commitment,
or transfer of resources.
Transactions…enables a transaction to be traced from its inception to completion.
Policies & Procedures…documents which set forth the fundamental principles and
methods that employees rely on to do their jobs.
Significance of Internal Control 12
13. Five Key Internal Control Activities…
3. Authorization & Approvals (DOA) –
Management documents and communicates which activities require approval, and
by whom, based on the level of risk to the organization.
Ensure that transactions are approved and executed only by employees acting
within the scope of their authority granted by management.
4. Security of Asset -
Secure and restrict access to equipment, cash, inventory, confidential information,
etc. to reduce the risk of loss or unauthorized use.
Perform periodic physical inventories to verify existence, quantities, location,
condition, and utilization.
Base the level of security on the vulnerability of items being secured, the likelihood
of loss, and the potential impact should a loss occur
Significance of Internal Control 13
14. Five Key Internal Control Activities…
5. Reconciliation & Review –
Examine transactions, information, and events to verify accuracy, completeness,
appropriateness, and compliance.
Base level of review on materiality, risk, and overall importance to organization’s
objectives.
Ensure frequency is adequate enough to detect and act upon questionable
activities in a timely manner.
Significance of Internal Control 14