An Appraisal of Internal Control System on Large Firms


This chapter portrays the theoretical framework of the meaning, purpose and important of internal control in an organization as already viewed by others. Data are gathered and reported to provide management with information it required in its decision making to advice the desired objectives of the organization. Such information is at great importance to the shareholders and other financial institutions, creditors and management agencies in the public sector.

The American institute of certified public Accountants emphasized that internal control is a means to an end not an end in and itself. This process is effected by individual, a merely policy manuals documents and forms. By inducing the concept of “reasonable assurance”. It recognizes that internal control cannot realistically, provide absolute assurance that an organization’s objectives will be achieve. Reasonable assurance recognizes the cost of an organization’s internal control should not exceed benefit expected to be obtained notably the prevention of error and fraud. The type of internal control system to be established by an organization will depend largely on the size, nature and purpose of the organization. In large firm, excellent internal control may be achieved by extensive segregation of duties so that no one person handles a transaction completely from the beginning to the end. Internal control varies significantly from one organization to the next, depending on such factors as nature of operation and objective. Yet certain features are essential to satisfactory. They are:

  1. Integrity and ethical value
  2. Commitment to competence
  3. Board of directors or audit committee
  4. Management philosophy and operating style
  5. Organizational structure
  6. Assignment of authority and responsibility
  7. Human resource policies and procedures


The effectiveness of internal control depends directly upon the integrity and ethical value of the personnel who are responsible for creating administrating and monitoring controls. Management should establish behavioral and ethical standards that discourage employee from engaging in acts that would be considered dishonest, unethical or illegal. To be effective, these standards must include by official policies, codes of conducts and example.


Employees should posses the skills and knowledge essential to the performance of the job. If employees are lacking in skills or knowledge, they may be ineffective and performing their assigned duties. This is especially critical when the employees are involved in performing internal controls ideally. Management should be committed to hiring employees with appropriate levels of education and experience and providing them with adequate supervision and training.


The control environment of an organization is significantly influenced by the performance effectiveness of its board of directors or audit committee. Factors that bear on the effectiveness of the board or the audit committee include the extent to which it raises and pursues difficult question with management and its interaction with the internal and external auditors.

Audit committee of the board of directors should be composed of outside directors who are neither affairs nor employees of the organization. This enables the audit committee to be effective at overseeing the quality of the organization’s financial reports, and at acting as a deterrent to management override of control and to management fraud.



Management differs in both their philosophies forward financial reporting and their attitudes toward taking business risks. Some management is extremely aggressive in financial reporting and place great emphasis on meeting or exceeding earnings projection. They may be willing to undertake activities of high risk with the prospect of high return. Other management terms are extremely conservative and risk averse. These differing philosophies and operating style may have an impact on the overall reliability of the financial statements


Management’s philosophy and operating style also is reflected in the way the organization is managed controls in an informal organization are often implemented face – to- face contact between employees and management. A more formal organization wills establish written policies. Performance reports and exception reports to control its varies activities.



Another factors is the entitles organizational structure. A well-designed organization structure provides a basis for planning directing and controlling operations. It divides authority responsibilities and duties among members of an organization by dealing with issue as centralized verses decentralized decision-making and appropriate segregation of duties among the various departments.


When management decision-making is centralized and dominated by one individuals abilities and moral character are extremely important to the auditors. When a decentralized style is used, procedure to monitor the decision making of the managements involved become equally important.


The organizational structure of an entity should separate responsibilities for:

i.             Authorization of responsibilities

ii.           Record keeping for transaction

iii.          Custody of assets


In addition to the extent possible execution of transaction should be separated from these responsibilities. The effectiveness of such structure is usually obtained by having designated department. The top executive of the major department should be of equal rank and should report directly to the president or to an executive rice president.



Personnel within an organization need to have clean understanding of their responsibilities and the rules and regulation that grown their action. Therefore to enhance the control environment, management develops employee’s job description and clearly duties authority and responsibility within an organization. Policies also may be established describing appropriate business practices, knowledge and experience of key personnel and the use of resources.



Ultimately the effectiveness of internal control is affected by the characteristics of the organization’s personnel. Thus, managements policies and practices for hinging, orientation, training, evaluating, counseling promoting and compensating employees have a significant effect on the effectiveness of the control environment.


As an example, standards for hiring the most qualified individuals with an emphasis on educating experience and enhance of integrity and ethical behavior illustrate the organization’s commitment to hiring competent and trustworthy people. Effective human resources policies often can mitigate other weakness in the control environment.



The concept of internal control system originated from the 1990. It was known then as internal check and referred to the separation of functions among three or more in such a way the work of one served as check verification on the work of another.


Internal control system had evolved gradually over the years with the greater development occurring in 1940s. The development came from the auditors and management alike who where finding the principle unceasingly useful. The management has recognized internal control as an indefensible tool for carrying out its responsibilities and auditors have pressed for improvement in the system in order to be of assistance to their dients as well as to permit reduction in audit work made by increase in the credibility of the accounting records.


The principle was consequently incorporated into the auditing standard to facilitate a proper study and evaluation of existing control system so as to assist the auditor in the fair view of the financial transaction of the organization. Moreover, internal control system enables business managers to perform their stewardship function of safeguarding business assets against physical loss or misrepresentation in the company’s financial statement due to error of fraud. Internal control built into an accounting system are designed to:

i.             Keep errors free from being made in the first place.

ii.           Detect errors it may record information before they are incorporated in accounting reports.

iii.          Prevent employees from committing fraud embezzlement or other theft.

iv.          Increase the operation affecting the business by encouraging employees to comply with company’s policies.


These days, internal control had become one of the most effective tools of organizational management that is practiced by even social institutions like school, hospitals and even social clubs.



Internal control has been given several definition  by different writers, professional institutions and major accounting organizations.


According to kooper (1994), internal control in its earliest day was defined as “certain checks and procedure to prevent direct financial fraud or misappropriation of property. However this definition is not complete hence the system has grown in scope from mere financial control to embrace other forms of control within an enterprise.


The American Institution of Certified Public Accountants (AICPA) defined internal control as the plan of organization and all the co-ordinate methods and measures adopted within a business to safeguard its assets check the accruing and reliability of it accounting data. Promote operational efficiency and encourage adherence to prescribed management policies.


Another generally accepted definition is the one given by Committee Of Sponsoring Organizations (COSO) as “A process effected by the entities board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

a.   Reliability of financial reporting

b.   Effectiveness and efficiency of operations

c.   Compliance with applicable laws and regulations.


The institute of chartered. Accountants of England and was Wales in its auditing defines internal control as not only internal check and internal audit but “the whole system of control, Financial and otherwise established by management in order to carry on the business of the enterprise in an orderly and efficient manner. Ensure adherence to management policies, safeguard the assets and secure records. “the individual components of an internal control system are unknown as ‘control’ or internal control”. Let us consider the definition in detail

a.   The whole system: internal control can be seen as single procedures (e.g. clerk A checks the calculations performed by clerk B) or as a whole system. The whole system should be more than the sum or the parts.

b.   Financial and otherwise: The destruction is not important, perhaps financial would include the physical Accers restrictions to computer terminals.

c.   Established by the management: internal control systems are established by the established by the management either directly or by means of external consultants. Internal audit or accounting personnel. External auditors may be asked to advise on the setting up of systems.

d.   Ensure adherence to management policies: Not all management have expressed policies. But as an example, a budget is an expression of management policy and adherence to the budget can be achieved by procedures such as variance analysis. Another one may be the selling prices of the enterprise product being laid down by management and control existing to ensure that these prices are adhered to.

e.   Safeguard the assets: Obviously allowing assets to be broken lost or stolen is unacceptable and procedures are always devised to safeguard them. Examples are locks and keys, the keeping of plant register, regular reviews of debtor’s balances etc. Embezzlement of goods is an example of failure to safeguard assets.

f.     Secure completeness: It is especially important that all transactions are recorded and processed. Procedure which do include checks that no goods to see that no goods sold (always evidenced by a delivery note) have failed to result in an invoice

g.   And accuracy of the record: This can be achieved by the use of control accounts, independent comparison of two sets of records and stock, or piecework payments and good work into store

Finally, the definition of internal control is comprehensive in that it address achievement of objectives in the areas of financial reporting, operations and compliance with laws and regulations. It encompasses the method by which top management delegate’s authority and signs responsibility for such as selling, purchasing, accounting and production. Internal control include the program for preparing verifying and distributing to various levels of management those current reports analysis the enable executives to maintain control over the variety of activities and functions that are performed in large organizations.



It is an essential part of internal control in a large business organization. It is defined as in the statement of Auditing as the allocation of authority and work in such a manner as to afford checks on the routine transactions of day to day work by means of the work of one person being proved independently by another or the work of a person being complementing tom that of another requires:

a.   The arrangement of duties among staff or department in such a way that no one person is in a position to carryout the work of a particular operation alone in which fraud is possible.

b.   Other automatic checks, which form part of the routine system, e.g. use of control totals. Internal check is characterized by early detection of fraud.

Internal check as a matter of necessity states from allocation of authorities and responsibilities in such a manner that alone person done does not see a transaction through from the commencing stage to the completing or final stage.


The type and extent of control could vary from one enterprise to another. According to the institute of chartered accountants of England and Wales operational guidance “the control adopted in an organization depends on the nature, size volume of transaction. The degree of control which members of management are able to exercise personally, the geographical distribution of the enterprise and very importantly the benefit expected from the control.

After considering the above factors the management should design a system of internal control that is in line with the operational guideline in internal control as categorized below:

1.   Organization: Every enterprise should have a plan their organization defining and allocating responsibilities and identifying line of reporting for all aspects, the enterprises operations including Act control. Authorities delegated should be clearly specified and employees should be aware of what is expected of them with a detailed organizational chart for division of the enterprise.

2.   Segregation of duties: This control ensures that those responsibilities and duties and combined would induce fraud and embezzlement of fund. It ensures the involvement of several people to reduce the risk of intentional manipulation or accidental error and increases the element of checking of work. There are certain functions, which a given transaction should be, separated e.g. Authorization, execution, custody and recording. This can be practiced in the area of sale where initiation is by a representative, authorization by credit control and the sales manager, execution is by the finished goods ware house staff who physically sends the good custody is transport department and the transaction is recorded by the goods outward section, the invoicing section and the accounts department.

3.   Physical: This concerns mainly the custody of tangible assets. It ensures that assets are limited to the authorized personnel only. The assess can be direct e.g. being able to enter the warehouse or indirect that is by documentation e.g. personnel knowing the correct procedure may be able to extract goods by doing the right paper work. These controls are especially important in the case valuable, portable, exchangeable or desirable assets.

4.   Authorization and approval: This requires that all transactions should required authorization or approval e.g. an appropriate person must approve approval of credit sales must be made by the credit control department overtime by the worker manager.

5.   Arithmetic and accounting: these are controls in the recording functions which check that the transactions have been authorized that they are all included and that they are correctly include checking the arithmetic accuracy of the records, the maintenance and checking of totals, reconciliation’s, control accounts, trial balances.

6.   Personnel: The procedure should be designed to ensure that the personnel operating a system are competent and motivated out the task assigned to them as the proper functioning of a system depends upon the competent and integrity of the operating personnel. Management should be committed to employing employees with appropriate level of education and experience and providing them with adequate supervision and training a appropriate remuneration and promotion should also be taken care of to motivate the employees.

7.   Supervision: All actions by all levels of staff should be supervised the responsibility for supervision should be clearly laid down and communicated to the person being supervised.

8.   Management: These are controls exercise by management, which are outside and over and above the day to day routine of the system. They include the overall supervisory controls, review of management accounts. Companies with budgets, internal audit and any other special review procedure. Example, Budgeting and variance analysis should prevent or at least detect deviation from management intended plans.



Internal control system companies of a number of inter-related elements such as internal auditing. Internal administrative control. Budgetary control and others that are discussed below.


1.   Accounting control: Accounting control is described in section 320.25 of the statement of auditing standard as the plan of an organization and the procedure and records that are concerned with safeguarding of assets and the reliability of financial records and therefore are designed to provide reasonable assurance that transactions are executed in accordance with managements general specific authorization. Transactions are recorded as necessary to permit preparation of financial statement in conformity with general accepted accounting principle. The recorded accountability of assets is compared with existing assets at internals and appropriate action is taken with respect to any differences. Accounting controls system should be designed to eliminate opportunities for a person to have responsibility for which he or she may commit errors and irregularities and at the same time have responsibility for function that may allow concealment of mistake. This entails the separation of such duties and preparation of accounting reports from being performed by the same person concerned with physical control over assets, custody and internal auditing.

2.   Administrative control: This control otherwise known as general control is described in section 320.23 of the statement of auditing standard as comparing the plans of organization and procedure and records that are concerned with the decision processes leading to management authorization of transactions. The aspect of control is directly associated with the responsibility for achieving the objectives of the organization. Administrative control according to chartey includes such control as statistical analysis, time and motion studies. Standard losting, flexible budgeting, performance reports and quality control

3.   Budgeting control: Budgeting control is an important management method that helps not only to give precision to plan and set standard of performance but also helps to co-ordinate the diverse activities of the enterprises as a united whole. The control takes the details of short term budgets and compare them with the actual (current operating) results. In fragment intervals (monthly, quarterly or weekly) throughout the budget period in order to determine the rate of variances. Similarly the master budget is frequently compared with the actual profit and less actual balance sheet and cash flow. Where the deviation is much it may be worthwhile to determine the case, discuss the possible remedies and consequently review the budget. If the profit margin is inadequate or labor cost high within the period of control. It should be made known as soon as possible, otherwise remedial action may even include reconciliation of conflict. On the contrary, if the system of budgetary control is not properly implemented, its objective not be set out without serious consideration on any be employer. Budgetary control is nothing but only serve as an effective tool of control in the heads of responsible officials.

4.   Salaries and wages control: Salaries usually refer to environments paid to works on permanent employment whose pay is not dependent on the base worked or unit produced. Waged on the its own refers to employment paid on or basis of hours worked or unit produced and are often paid on daily or weekly basis. The payment or employees has proved to be part of the system in which weaknesses have been exploited by various types of defalcation in most organization. The preparation of payment of employee’s salaries and wages is usually daone by the staff of the salaries and wages section common payroll frauds often substaintial in amount have been overpaid employee compensation countiunation of former employee on the payroll after termination. Payment made to fiatment. Internal control system over payroll should therefore Begin right from when an is hired, should continue until the employment is terminated. The duties of hiring employees, time keeping, preparing cheque and maintaining payroll records and distribution of cheque to employee should be separated to ensure that one persons work acts as an independent check on that of the other. Evidence of performance of senses should be produced in the form of the reports which should be controlled by supervisory review and appround. The pay voucher must be appraised under supervision and firm may even be paralyzed in case theft involving large sum of money. A good internal control over cash transaction is therefore important not only in abiding monetary losses but also in maintaining good system of internal control. A firm has to adopt the simple rule of depositing day’s cash receipt intact in the bank making all disbursement by cheque. When an firm receive payment for goods supplied or service rendered through the post, the opening of the mail should carefully supervised by an authorized officer while another staff different from the one opening it should be made to keep records of all monies received for organization that use the imprest system balance of amount of money in the bill should regularly be counted in the morning before commencement of duty and also shortly before closing hours. Internal control over cash can only be complete if there is an adequate arrangement as to who has authority to receive or pay money on behalf of the organization by a management staff before payment is made and after the payment, the same office should cross check the actual payment made with the records in his possession. Where payment is based on production rather tan time, quantity basis should be appropriate, appraised and reconciled with available production and sales data that are under accounting control. In the case where employees received their pay by a kind amount of money withdrawn should be equal to their total payment for the period. After payment, undaimed wages should be install at once and investigated with employee and return to cash in case of undaimed within the short time.

5.   Internal control over cash: Cash in the accounting term is used in board sense to include coins, paper money, cheque and many on deposit with bank of all the assets, cash is the most liquid assets and most susceptible to theft. Cash is very important to the existence of firm hence a large proportion of the total transaction of a business involved the receipts and disbursement of cash. Consequently, internal control over cash is of great important to both is weak on non existence, every employee is.



While internal control system aims at ensuring the completeness of rewards, data as well as security of assets, absolute prevention and detection or errors cannot be ensured features or any organization that is run efficiently. However, it is important to realize that internal control have inhereat limitations which include:

I.    A requirement that the cost of an internal controls is not disproportionate to the potential loss which may result from its absence.

II.    Internal control tends to be directed at routine transactions. The one-off or unusual transaction tend not to be the subject of internal control.

  • Potential human errors caused by stress or work load, alcohol, carelessness, distraction, mistakes of judgment, cussedness and the misunderstanding of instructions.
  1. The possibility of circumvention of controls either alone or through collusion with parties outside or inside the entity.
  2. There is always abuse of responsibility
  3. Management override of controls
  • Fraud
  • Changes in environment, making control inadequate
  1. Human cleverness: However secure the computer code designed to prevent access, there is always some hacker who gets it because of inherent limitation of internal controls, SAS 300 requires the auditor to perform some substantial tests of internal items as well as relying on internal controls.



Internal auditing can be defined as an independent appraisal function established by the management of an organization for the review of the internal control system as a service to the organization. It objectively examines, evaluates and reports on the adepucy of internal controls as a contribution to the proper economic, efficient and effective use of resources


Internal control system, no matter how well designed cannot be expected to function properly without its constant review and examination. The process of internal auditing is therefore usually set up ensure that formulated policies are properly administered and executed and to determine that the internal auditing control system is functioning effectively.


In an organization, the internal audit department may exist by lower set up by management and internal auditors are part of the system they review. The scope and objective of the department vary widely and are on many occasion department upon the responsibilities assigned to it by management.



The scope of internal auditing encompasses the examination and evaluation of the adequacy and effectiveness of the organizations system of internal control and the quality of performance in carrying out assigned responsibilities, specifically the scope include:

  • Reviewing the reliability and integrity of financial and operating information and the means used to identity, measure, classify and report such information.
  • Reviewing the system established to ensure compliance with those policies, plans, procedures, laws and regulations that could have a significant impact on operation and reports and determining whether the organization is in compliance.
  • Reviewing the means of safeguarding assets and as appropriate verifying the existence of such assets.
  • Appraising the economy and efficiency with which resource are employed.
  • Reviewing operations or program to ascertain whether the operations or programs are being carried out as planned.


These set the standard by which the operations of an internal auditing department should be evaluated and measured. They cover the various aspects of auditing within an organization

  1. Independence
  2. Professional proficiency
  3. Scope of audit work
  4. Performance of audit work
  5. Management of internal audit department


  1. Independency: Since the internal auditors are employees or the organization, they cannot have the perceived independence of internal auditors. However, independence is still very important to internal auditors of internal auditors. Independence is enhanced when the level of management of sufficient stature to ensure broad audit coverage and adequate consideration and implementation of the auditors recommendations.
  2. Professional proficiency: An internal auditing department should establish policies and procedures that provide assurance that staff members are competent to fulfill their assignments with professional proficiency. Ideally, the internal auditing department collectively should possess the skills and knowledge necessary to fulfill all the audit requirements of the organizations. The skills and knowledge may be acquired through effective employment practices and continuing education program.
  3. Scope of work: The scope of the internal auditors’ work should extend beyond accounting and financial controls to include compliance with all types internal control policies and procedures and operational auditing the scope of the internal auditing should encompass the examination and evaluation of the adequacy and effectiveness of the organization’s system or internal and the quality of performance in carrying out assigned responsibilities.
  4. Performance of audit work: Audit work should include planning the audit examination and evaluating information, communicating results and following up
  5. Management of the internal audit department: the director of internal auditing should properly manage the internal auditing department. The directors of internal auditing should provide writer policies and procedures top guide the audit staff. The director should have a statement of purpose, authority and responsibility for the internal auditing department.

Online Resource:

[simple-links category=”3197″]

Leave a Reply

Your email address will not be published. Required fields are marked *