Characteristics of internal control. There are different categories of internal controls that are developed and implemented by the organization to ensure that its assets are safeguarded, and operations are run smoothly. When we talk about the smoothly running of operations, it means that all processes and cross-departmental functions are running effectively as per defined policies and procedures.
Characteristics Of Internal Control
Organizations ensure that internal controls systems must be robust enough to prevent and detect fraud risks. Therefore, when designing internal controls, a risk-based approach is followed, where critical and high fraud risk areas are identified. Internal controls are developed keeping in view the requirements of such high-risk areas and processes.
Below are different categories of internal controls which have different characteristics:
Preventative And Detective Control
Preventative controls are built in the philosophy of separating the duties to ensure that the same person does not perform interrelated activities in a process. For example, an employee may be required to initiate the transaction, but the recording of such transaction shall be performed by another employee. This helps in minimizing the risk of conduct of fraud. Similarly, for authorization of the recorded transaction, a third employee or head of the department shall authorize it.
For example, payroll entries are passed by one employee, and payroll approval is provided by the head of the Human Resource department.
Detective controls are the controls that identify the problems that exist in the processes and departments. Detective controls do not prevent but highlight the already existing issues. Audits are an example of detective controls, through which control breaches are identified, which may indicate the occurrence of fraud. Another example of detective control is monthly bank reconciliation, where outstanding financial or unreconciled entries are identified and resolved accordingly.
Manual And Automated Controls
Manual controls are physically applied by the management or an individual employee. In the case of manual controls, a human must review and give approval or authorization to the individual transaction.
Automated controls are controls that are programmed and built into the systems used by the organization. Automated controls do not require human intervention and are automatically applied and run in the system based on defined parameters.
Hard Controls And Soft Controls
Hard controls lead to directly visibly changed behavior or actions. Employee behavior is directly influenced. Key elements of hard controls are planning and control, tasks, responsibilities, and authorizations. Hard controls can be observed and are therefore relatively easy to test. Hard controls are built to ensure that processes and systems are run effectively and efficiently, resulting in the avoidance of frauds and non-compliances. Examples of hard controls are authorization levels, segregation of duties, etc. Hard controls enable employees to work in a defined manner without deviating from the defined policies and control procedures. Hard controls prevent or detect the occurrence of fraud or fraud risks.
Soft controls are about the culture and behavior of senior management, middle management, and employees and their impact on achieving organizational goals and objectives.
Over the past decade, media coverage of fraud and corruption scandals has helped to highlight the importance of soft controls for organizations. Inadequate soft controls impact the achievement of business objectives. Regulatory authorities are increasingly emphasizing soft controls.
Soft controls can be regarded as measures influencing employees’ motivation, integrity, and satisfaction. Employees feel secure and recognized when soft controls are effectively applied. The behavior of senior management, such as regular feedback systems from the employees, giving appropriate resources to the employees, and providing a positive work environment, all contribute to the enhancement of employee behavior.
Improve your company’s internal control by understanding the most important characteristics. Good organization is required for effective internal control. Reducing the number of errors and irregularities helps to ensure that the control system’s objectives are met correctly.