An entrepreneur starts his business from scratch and builds it over a period of time. In the beginning, all business activities are managed and controlled by him. He takes all decisions. As the business grows, the level of activities and transactions start multiplying. He keeps struggling with himself to cope
up with the incremental activity and reaches a flash point when it becomes humanly impossible to manage the business alone. At this point, he has to decide whether his limitation should become the limitation of the organization or should he delegate the authority to others. If he does delegate, then the next question is to whom and how much can he trust the people he delegates to, so that business objectives are met and assets protected.Â
Defining internal control
We all exercise internal controls consciously or unconsciously in our daily life. For example,
a) We do not leave the keys of a car in the car itself.
b) We give a limited amount of pocket money to our children so that they do not get spoilt in early age
c) We do not share passwords of our computer with anyone.
There are numerous daily small actions and processes we follow to ensure the safety of our assets and the optimum utilization of the resources we have.
Internal control is the process and the system that ensures the optimum utilization of resources to meet goals and objectives, as well as safeguard assets. Internal control is not merely an accounting function, rather it links with the whole organization. Internal control:
a) Promotes operational efficiency and effective utilization
b) Provides reliable and relevant information
c) Safeguards assets and records
d) Ensures adherence to laid out policies and
e) Ensures compliance with statutory requirements.
An organization’s goals are not achieved only by having internal control processes and systems in place. Internal control helps in achieving the same by protecting an organization’s assets and records, adhering to compliance requirements—statutory or otherwise and effective utilization of resources. It helps in detecting mistakes and internal frauds. Further, it minimizes the risk of an error or a fraud. There are innumerous examples of organizations that failed because they did not have adequate internal controls.
Responsibility
Internal control is affected by people. It is not merely policy manuals and forms. Its effectiveness, to a large extent, depends on top management philosophy and operating style. Everyone in the organization has a part in the internal control system. The role of each individual depends upon the level of responsibility and nature of involvement.
Managers and supervisors are responsible for establishing, implementing and ensuring the success of an internal control system.
Reviewing the effectiveness of internal control is an important responsibility of the Board of Directors of a company, which it may delegate to the Audit Committee. Management of a company is accountable to the Board for establishment, operating and monitoring of internal control.
A statutory auditor, in a case of a company, is required to comment on efficacy of internal control system commensurate with the size and nature of its business—does it have a satisfactory system of safeguarding its assets (physical verification of stocks etc), adequacy of internal audit function etc. Further, a statutory auditor relies on internal auditors’ reports to the management to form a view on internal control environment in a company.
Corporate governance
Corporate governance is defined in a number of ways:
- The system by which companies are directed and controlled
- The process and structure to direct and manage the business and affairs of the corporation with the objective of increasing shareholder value
- A set of relationships between a company’s management, its board, its shareholders and stakeholders.
Internal control is also a set of systems and processes to ensure optimum utilization of an organization’s resources to achieve its objectives and safeguard its assets. Corporate governance, in addition to internal controls objectives, encompasses the relationship between the company management and its stakeholders including owners/shareholders.
Internal control is a subset of corporate governance.
Steps for designing
The implementation of internal control consists of studying and analyzing the activities of an organization to assess the risks it faces, devising systems and processes to mitigate the risks, periodical review of the business/environment to update/modify the systems/processes to protect against changed risks, if any.
The management analyzes the risks in the business of the organization. Risks are categorized as
- strategic risks,
- financial risks,
- regulatory risks,
- reputation risks and
- operational risks.
Risks keep changing over a period of time e.g. change in people, addition or stoppage of an activity, new technologies etc. Therefore, it is important to periodically review the efficacy of internal controls to ensure effectiveness.
Internal control consists of:
i. Segregation of duties
ii. Authorization
iii. Validation of processes
iv. Review
v. Physical control
vi. Approval
vii. Reporting
It is important to assess the risk of failure and potential impact on the business while designing an internal control system. This should be compared with the cost of system/control. While control is costly and counter-productive, too little control has undue risks. The cost and benefit of control must be carefully considered before implementation.
Internal control does not guarantee, but provides reasonable assurance to shareholders that affairs of business are being conducted in a defined manner to meet its objectives efficiently and effectively to protect its assets and ensure compliances.
CA Anil Panwar is Chief Strategy Officer with RHC Pvt Ltd. He has earlier been CFO & President Finance at Fortis Heatlthcare Ltd.
Subscribe to this comment's feed
written by Udit C, January 05, 2010
written by Kishore S, November 27, 2009
Dare can start blog for internal control, for ppl to share best practices in internal control.
written by Kishore S, November 27, 2009
Can be good blog on dare site to share best practices in internal control.
written by Sudershan G, November 27, 2009
When businesses grow they have to be run on systems and not owner or individually driven.Unfortunately most of the industries run in the later way.It is high time we wake up & apply best practices suitable to business.
You can write to me for Managing the change.Thanks
written by Arun Kumar, November 24, 2009
| < Prev | Next > |
|---|
- Transition of Comic Books into Digital Format
- Implementing IFRS
- UID: Modern India’s Newest Security Mantra: How it will work
- Next-Gen Entrepreneurs: No Back Benchers
- Airlines in trouble: Different players need different solutions
- Ten Things that Have Gone Out of Business in Our Life Time
