What are Internal Controls? (With Pros, Cons and Examples)
By Indeed Editorial Team
Updated December 5, 2021 | Published October 9, 2020
Updated December 5, 2021
Published October 9, 2020
Business units have different ways to monitor and protect their company's assets. The facilities team, for example, may hold daily check-ins to see what kind and how many tools are available for use. Administrative units may update their running inventory of office supplies each week.
A company's financial department is responsible for ensuring its fiscal information is accurate and reliable. These safeguards protecting physical assets and ensuring the integrity of accounting practices are called internal controls. In this article, we define internal controls, discuss how they work, explore the advantages and disadvantages of using internal controls and list examples of them.
What are internal controls?
Internal controls are the physical elements, policies and practices a company puts in place to protect the integrity of its assets and financial and accounting information, promote accountability and prevent fraud. Internal controls also include the measures a company takes to ensure its employees comply with all laws and regulations and do not steal company assets. Physical controls like door locks, area restrictions, safes and surveillance equipment are internal controls, too.
A company typically oversees its own internal controls. Entities not managed by the company manage external controls like audits and regulatory investigations.
How internal controls work
Internal controls work in two ways: They hold company managers individually responsible for physical inventories and for the accuracy and regularity of financial reporting, and they require that companies create audit trails for its fiscal transactions. Audit trails are records providing step-by-step details to trace accounting data to its source. Audit trails are necessary so that all business undertakings are free from fraudulent bookkeeping practices.
Types of internal controls
There are two types of internal controls:
Preventive controls: These are practices and policies designed to stop problems before they occur.
Detective controls: These procedures are designed to identify already existing problems.
Both types of internal controls are based on securing material assets, separating duties, authorizing money transfers from account to account, approving external business deals and verifying each step of financial transactions.
Advantages and disadvantages of internal controls
As with any business system, there are advantages and disadvantages to internal controls:
Some advantages of internal controls could include:
Internal controls are accessible to a limited number of trusted upper-level employees. The fewer people involved, the easier it is to oversee their actions and guard against irregularities.
Properly designed and executed internal controls increase efficiency by making transactions transparent to any business unit needing them.
When internal controls are well-balanced between providing transparency and encouraging efficiency, they protect employees from accusations of irregularities or misappropriations of funds.
Possible disadvantages of internal controls include:
There is no foolproof way to ensure that employees do not override those controls because human behavior is an unpredictable element in the internal control process.
If a company poorly plans or incorrectly implements its internal controls, employees using them may become frustrated and apathetic about enforcing them.
If a company's internal controls are too rigid, they may inhibit the flexibility a company needs to make operational shifts as needed to stay effective.
Examples of internal controls
Here are some examples of internal controls:
Companies create a delegated authority document to outline who has responsibility for sensitive tasks, including signing legal documents, handling incoming checks and cash, signing company checks, authorizing staff expenses, accessing the safe, accessing petty cash and having access to accounting records.
Similarly, businesses establish authorization protocols, outlining who can authorize what kinds of transactions. Best practices include making sure no one authorizes any transactions which could financially benefit the authorizer and ensuring that subordinates don't authorize payments to managers, for example.
Companies use an assets register to list each asset with an ID number. The register is a record of where and when each item was purchased, how much it cost, how much it is insured for, its repair history and other details like serial numbers, guarantees or warranties.
Properly maintaining company assets like equipment and buildings is also an internal control. This includes regularly scheduled inspections and routine maintenance as well as repairs.
The majority of businesses keep cash transactions to a minimum, which is in itself a form of internal control. Cash on hand leads to opportunities for mismanagement and theft. When it's necessary to have cash around, these internal controls are important:
Restrict access to cash and the safe.
Regularly reconcile petty cash.
Keep incoming and outgoing cash separate.
Regularly deposit cash assets Issue receipts for incoming cash.
Obtain receipts for outgoing cash.
Keep receipt books securely locked up.
Companies authorize different people to initiate, approve and pay for goods or services. Separation of these duties makes it difficult to manipulate the purchasing process in ways that would hurt the company.
Different parties order and received incoming items, separating those inventory-purchasing responsibilities. Companies regularly count and record onsite items, conducting physical inventory as a form of internal control.
Another example of separation as an internal control is making different employees responsible for authorizing returns and issuing refunds for those returned items.
9. Accounts payable
Businesses also require separate people to receive incoming bills and approve bill payments in their accounts payable (AP) departments.
To eliminate opportunities for bank-related fraud, companies close any dormant account immediately and regularly reconcile all active accounts.
Three characteristics companies require of check signers are trustworthiness, patience and availability. Many businesses require a minimum of two signatures on checks. Companies may create a pool of authorized signers, so one person's absence will not delay issuing checks.
The responsibilities for reporting hours worked, authorizing payroll amounts and disbursing payroll funds belong to different employees. The principle of separation again helps prevent improper handling of company funds.
13. Computer use
Monitoring and analyzing employee use of computers is an internal control businesses use regularly. Not only does this provide insight into employee activities that may be financially fraudulent, but it also helps monitor the proper use of a company's irreplaceable resource—employee time.
Businesses purchase insurance to protect assets without which the organization would struggle to operate and to safeguard high-value items that might be easily stolen. Motor vehicles, large amounts of cash for transport, specialty equipment and buildings and their contents are examples of property that a company should insure.
Explore more articles
- FAQ: What Is a 1-Year MBA? (Plus Benefits and Pros and Cons)
- What Is an Audited Financial Statement? (And What To Include)
- What Does Sourcing Mean? (With Types and Tips)
- 11 Ways To Improve Your Accountability When You’re Working From Home
- What Is an Independent Variable? Definition and Examples
- What Is an MSSP? Definition, Benefits and Tips To Consider
- What Is Net Income?
- What Is BOPIS in Retail Sales? A Definitive Guide
- What Is Security Testing? (With Types and Related Jobs)
- What Is A PA?
- What Does Interest Mean for My Financial Health?
- What Is an Audited Financial Statement? (And What To Include)