Types of internal control systems

Internal controls - like instrument panels - identify problems that require attention.

Jupiterimages/Creatas/Getty Images

Internal controls are procedural measures an organization adopts to protect its assets and property. Broadly defined, these measures include physical security barriers, access restriction, locks and surveillance equipment. They are more often regarded as procedures and policies that protect accounting data. company records, cash and other assets.

Internal Control Concepts

Internal controls document transactions by creating an audit trail. They limit the actions of employees by requiring authorization, approval and verification of selected transactions. They segregate duties because certain job responsibilities are mutually incompatible and, if left unchecked, allow one person too much unsupervised access to company assets. No individual should be able to initiate a transaction and then approve it, record the information in accounting records and control the proceeds that result. Internal controls are either preventive or detective. Preventive controls are designed to prevent errors, inaccuracy or fraud before it occurs. Detective controls are intended to uncover the existence of errors, inaccuracies or fraud that has already occurred.

Controls in General

Good insurance is the best "last-resort" internal control a business owner can have. Coverage of loss due to employee theft may mean the difference between recovering from fraud or closing a business. Insurers often require certain specified internal controls as a prerequisite for coverage. An example is requiring pre-employment screening of applicants for key positions. A system of business forms to track all company transactions is an example of internal controls. Business forms create an audit trail to track sales, credits, refunds or returns of merchandise; the movement of inventory; purchasing and ordering from vendors; and receipt of cash and payments.

Preventive Controls

Many preventive controls are based on the concept of separating duties. Examples include prohibiting the same person from conducting related transactions such as initiating and recording transactions; making purchases and approving payments; ordering and accepting inventory; approving vendors and making payments; receiving bills and approving payments; and authorizing returns and issuing refunds. Payroll preparation and distribution duties and approving, writing and signing checks should also be done by different people. Examples of internal controls built around the concept of authorization, approval and verification include requiring supervisory review and approval of payroll information before disbursement, requiring interdepartmental dual authorization of payroll data by accounting and human resources departments and requiring prior approval of credit customers, vendors and purchases.

Detective Controls

Detective controls are internal controls designed to identify problems that already exist. Audits are an example of a detective control. Monthly reconciliation of bank accounts, review and verification of refunds, reconciliation of petty cash accounts, audits of payroll disbursements or conducting physical inventory are all examples of detective controls. Preventive and detective controls are often required in combination to provide sufficient protection. Computer systems require preventive controls through acceptable use and access control. Computer usage logs must be kept. Logs are a form of detective control to be reviewed and audited at regular intervals.