Internal Controls

Internal controls are a wide range of tools, norms, and methods that are used by a firm to maintain the integrity of financial and accounting data, and avoid fraudulent actions. In addition, internal controls help a company to enhance the operational effectiveness through improving the precision and promptness of financial reporting.

Importance of Internal Controls

In 2002, after the accounting scandals, the Sarbanes-Oxley Act was passed. The purpose of this regulation was to protect investors from fraudulent accounting transactions and to attempt to improve disclosure by making it more accurate and reliable.

Internal audit began to play a fundamental role in the system of internal controls and the company’s management, and this was a consequence of the imposition of legal responsibility for the accuracy of financial data appearing in the statements by this regulatory act on the company's managers and creating an audit trail. Since then, company executives found guilty of improperly establishing and managing internal controls could face a real threat of criminal liability.

In addition to ensuring compliance with legal acts, internal audit is responsible for the collection of actual data and their reliability in financial statements. It also provides operational efficiency by identifying and resolving issues in a timely manner, before they are discovered by the external audit. After checking the company's accounting and internal controls processes, the external auditor can give an opinion on the company's performance.

No two systems of internal controls are analogous, however, the basic principles of financial transparency and accounting are commonly accepted management practices. Despite the fact that internal controls can be quite costly, if properly implemented, internal controls can greatly simplify operations and prevent fraud.

But in some cases, internal controls are ignored by company’s management or bypassed through collusion. In this regard, the Sarbanes-Oxley Act passed in 2002 by the US Congress acted as a defense mechanism to protect investors from possible fraudulent actions by companies through reforming the disclosure field.

Two types of Internal Controls

Internal controls are commonly composed of control activities such as authorization, documentation, reconciliation, security, and the separation of duties, and are typically classified into preventative and detective activities. 

Preventive Internal Controls. Definitely, under conditions of less stress, it is much easier to determine an effective way to solve a particular problem and apply appropriate measures to prevent the occurrence of a negative event than to work under the conditions of an unfortunate event that has happened. Thus, preventive internal controls activities are primarily aimed at preventing fraud and errors. Along with segregation of duties, clear techniques of preventive internal controls are authorization of invoices and verification of expenses. 

Detective Internal Controls. But when preventative measures were not enough, the next best line of defense is well-managed detective internal controls. Detective internal control tries to identify problems in the company's processes after they occur. In this case, an important tool is reconciliation needed to compare datasets, and if there are significant differences, corrective actions are taken. Other means of detective controls are external audits from accounting companies and internal audits of inventories. Detective controls are methods that are back up and are used to identify elements and events missed by the first line of defense.