A Special Feature by Tatenda Muronda,

Internal Controls are important to any organization and promote transparency in business operations. These include ensuring compliance with the law and assessing corporate governance in an institution.

The importance of a business’ financial reports drives the need for adequate internal controls as they speak to various stakeholders including shareholders, banks and prospective investors. Hence the need for internal control mechanisms which present the current state of a business in an honest manner should be of paramount importance in any commercial organisation. No two systems of internal controls are identical, but many core philosophies regarding financial integrity and accounting practices have become standard management practices. Internal controls can be human driven or digital driven, that is implementation of controls such as reviews. Properly implemented internal controls can help streamline operations and increase operational efficiency, in addition to preventing fraud. Internal controls are developed and implemented to ensure the effectiveness and efficiency of the operations of business organisations, responsible financial reporting, and compliance with appropriate laws and regulations (Kaya, 2018; Committee of Sponsoring Organisations of the Treadway Commission (COSO), 2017). The findings of numerous studies confirm that internal controls have been used in business organisations to promote their sustainability Khalifa and Saad (2017); Kaya and Masetti (2018); COSO, 2017).

The Types of Internal Controls

Internal controls are placed into various categories to perform different functions, namely, preventive, corrective detective activities.

  1. Preventative Internal Controls

Preventive control activities aim to deter errors or fraud from happening in the first place and include thorough documentation and authorization practices. Examples of these controls are separation of duties, a key part of the preventive internal control process, ensures that no single individual is in a position to authorize, record, and be in the custody of a financial transaction and the resulting asset. Authorization of supporting, verification of expenses, limiting physical access to equipment, inventory, cash, and other assets are examples of preventative internal controls. Aduda et al. (2018) explain that preventative controls are mechanisms, which are used to prevent undesirable consequences such as theft from occurring. Navare and Handley-Schachler (2017) maintain that preventative internal controls play a crucial role in ensuring the fluidity of business processes that, if they were to be impeded in any way, would prevent SMEs from attaining their operational objectives.

  1. Detective Internal Controls

Detective controls are backup procedures that are designed to catch items or events that have been missed by the first line of defense. Detective internal controls attempt to find problems within a company’s processes once they have occurred. Examples of these internal controls are quality control, fraud prevention, and legal compliance. Here, the most important activity is reconciliation, used to compare data sets, and corrective action is taken if there are material differences. Other detective controls include external audits from accounting firms and internal audits of assets such as inventory. In certain instances, preventative controls in themselves may not be sufficient to safeguard the assets of SMEs and prevent losses and risks from undermining the success of their operations. The function of detective controls is to detect threats before the undesirable consequences of them occur (Germann & Manasseh, 2017). Park et al. (2017) characterize detective controls as constituting the second line of defence after preventative controls. Conversely, Werner and Gehrke (2018) maintain that sufficiently effective and efficient preventative controls should ensure that the first line of defence eliminates risks. Detective controls can be employed for many purposes, such as quality control, legal compliance, and preventing and detecting instances of fraud (Gachoka, et al. 2018).

  • Corrective Internal Controls

Corrective controls play an equally vital role as those of preventative and corrective controls and enable organizations to limit the effects of damage which has occurred as far as possible (Ge et al., 2017). Consequently, it is imperative for business organizations to have appropriate policies and procedures to guide the implementation of corrective controls, which could take the form of issuing warnings to members of staff or even instituting procedures for dismissal in cases of dishonest conduct or gross negligence.

Effective corrective controls should ensure that business organizations can back up their stored data and have the luxury of restoring the functionality of systems in the event of unforeseen setbacks.

As Haddow, Bullock, and Coppola (2017) argue that corrective controls can also take the form of a disaster management plan, which details the procedures, which should be followed before, during, and after the occurrence of a disaster or emergency. Haddow et al. (2017) maintain that for a disaster management plan to be effective, it should be comprehensively documented in clear terms and easily implemented if and when unforeseen circumstances arise. A disaster management plan is corrective, in that it can provide the means to back up crucial information, such as information about debtors or creditors. The ability to plan for contingencies enables enterprises to remain afloat in times of crises by paying its creditors and ensuring that debtors pay them. Manufacturing enterprises are also able to back up vital information concerning the procedures and processes through which their products are manufactured. Also, Ge et al. (2017) characterize insurance as a corrective control. These are essential for any business and at Dereflexion we can assist you in setting up your internal control environment.

 



Leave a Reply