Internal Control Systems Internal Control

This paper examines the premise that, within any organization, there are inherent limitations of internal control systems. Internal controls are established to meet certain business requirements, and are intended to:

Protect an organization from waste, fraud and inefficiency

Ensure the accuracy and reliability of accounting and operating data

Secure compliance with the organization's policies

Evaluate the performance of units within the organization (Kansas State University, 2003).

Given these goals, it can be seen that internal controls relate to good business practices.

The challenge of establishing and maintaining internal control lies in the fact that there is just no such thing as the perfect control system. Given that the cost of implementing a control should not exceed its expected benefit, then that constraint in itself implies an upper limit on what is possible for an organization to implement. As Trenerry (1999, p.20) observes, "Most internal control systems are cost-effective and are designed with a certain cost/benefit ratio as a limitation. This means that some errors will never be identified."

In practice, there are various other limitations on internal control as well. In addition to budget constraints, the list of possible limitations on internal control includes staff size. Another constraint is imposed by the element of human error, misunderstandings, fatigue and stress. Still another is the desire to commit fraud, theft, or embezzlement. Many internal control systems cannot detect a cover-up by two or more people acting together...

Trenerry (1999, pp. 19-20) offers the example of EFC (Equity Funding Corporation) where more than 40 middle and senior managers conspired to commit fraud, which collusion went undetected for a span of 10 years.
Business growth can become another internal control limitation. When a company grows or diversifies, those activities can render controls ineffective or inoperative. Internal controls should manage a business's risk, and when operations change, the internal control system may be inadequate for the new conditions. Procedures that were once effective can become less effective, due to the arrival of new personnel, or due to varying effectiveness of training and supervision, or to additional pressures. Or, the circumstances for which the internal control system was originally designed can also change (Kansas State University, 2003).

One of the basic principles of internal control requires segregation of duties. That is, if the same person handles multiple functions, the potential for fraud or error exists and must be managed. Implementing this principle means that the responsibility for related activities must be assigned to different individuals, and the responsibility for record keeping for an asset must be separate from the physical custody of the asset.

An example of implementing an internal control procedure is the way that purchasing activities are managed. Such related activities as ordering merchandise, receiving goods, and paying or authorizing payment for merchandise should be assigned to different individuals. If the same individual handles these functions, the opportunity exists for unauthorized purchase or use, fraud, theft…