Internal Control Review provides an independent evaluation of the adequacy of internal controls with results reported to the management. Evaluation will be made upon whether basic standards have been maintained on basic internal control procedures. Some of the basic elements of internal control have been identified as follow:
Elements of Internal Control
Personnel: Competent and trustworthy people should be employed, with clearly established borders of authorities and responsibilities. There should be sufficient documentation upon job descriptions and operating procedures. Organizational charts are recommended for clear and visual presentation of borders of authorities; job descriptions shall be periodically updated so as to ensure that employees are aware of the duties they are expected to perform.
Authorization Procedures: This should involve a thorough review of supporting information to verify the appropriateness and validity of transactions. Approval authority should be commensurate with the nature and significance of the transactions and in compliance with companies’ policy. For example, no one person should be the claimant and approver of the same travelling allowance. That procurements of goods and services above HK$5,000 are to be approved by the Entity Tender Committee is also an example of authorization procedures.
Segregation of Duties: Usually, this reduces the likelihood of errors and irregularities. An individual should not have responsibility for more than one of the three transaction components: authorization, custody, and recording.
Physical Restrictions: These are the most important types of protective measures for safeguarding assets, processes, and data. Examples include:
- Locking doors and windows before leaving the office
- Classifying staff’s authority for entering rooms or areas that are susceptible to risks
- Adequately securing critical forms, such as cheque books, receipt books and Goods Received Vouchers (GRVs)
Documentation and Record Retention: Involving providing reasonable assurance that assets are controlled and transactions are correctly recorded. For example, maintaining assets and special advance registers.
Monitoring Operations: It is essential to verify that controls are operating properly. For example, preparing monthly bank reconciliation statements to verify transactions of the cash book and bank statement, and; reviewing quarterly investment schedules to track investments made with financial institutions.
Responsibility for Detecting Fraud
When it comes to frauds, it shall be a shared responsibility. The management of the company is responsible for establishing and maintaining controls that discourage perpetuation of fraud; while internal control is responsible for examining and evaluating the adequacy and effectiveness of those controls. Audit programs are developed in such a way that should there be severe frauds, the audit should be able to identify them.
ALE can help review the effectiveness of your business’s internal controls in the areas of finance, operations and compliance. Services include:
- identify and assess potential risks
- develop risk management strategies
- help your business implement new systems