Study on the effectiveness of internal control systems in Ghana public sector: a look into the district assemblies. Part 1


Assessing the effectiveness of the internal control system in the public sector is one of the surest way to identify if public institutions are working effectively to achieve corporate objectives. The objective of the study is to assess the effectiveness of the internal control systems in the MMDA’S. The study made use of convenience and purposive sampling method to sample data. It was observed that there is an existence of internal control system in the Adenta Municipal Assembly and it is very effective in the achievement of the Assembly’s objectives. The Writer recommended that the government should employ more personnel who are members of the professional bodies such as the ICA Ghana, ACCA, and CIMA into the unit, this is because with their knowledge and in-depth study of their profession it will help to reduce the problems of internal control as highlighted in this work.

Full Text

Introduction The internal control system is the major part in any organization. “Internal control is the process designed and affected by those charged with governance, management and other personnel to provide reasonable assurance about achievement of entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. It follows that internal control is designed and implemented to address identified business risks that threaten the achievement of any of these objectives.”. According to Millichamp, [1], The Institute of Chartered Accountants of England and Wales (ICAEW), “internal Control system is the whole system of controls, financial or otherwise, established by the management in order to carry on the business of the enterprise in orderly and efficient manner, ensure adherence to management policies, safe guard assets and secure as far as possible the completeness and accuracy of records”. It comprises of following components [2]: § The control environment § The entity’s risk assessment process § The information and communication system, § Control activities § Monitoring The public sector in Ghana is unique sector in the economy. It provides different kind of services to the Ghanaian citizens and handles massive volume of funds daily. For instance, the District Assemblies as part of the public sector mission is to improve livelihoods and provide adequate socioeconomic infrastructure in an equitable and sustainable manner for its people through effective stakeholder collaboration within a secure, decentralised system of governance and sound environmental management. In furtherance of these objectives, the District Assemblies Common Fund (DACF) was established and has been in operation for over a decade. Due to these facts the necessity of internal control system in the public sector of Ghana cannot be undermined. A system of tough internal controls can support to ensure that the goals and objectives of Assemblies will be met, that the Assemblies will help to attain long-term targets, and maintain reliable financial and managerial reporting. Such a system can also help to ensure that the Assemblies will comply with laws and regulations as well as policies, plans, internal rules and procedures and decrease the risk of unexpected losses or damage to the local government reputation. This helps management to safeguard the organization’s resources, produce reliable financial reports and comply with laws and regulations. Meantime it reduces possibilities of substantial errors and irregularities and assists in their timely detection when they do occur. Also this control system may discover mistakes caused by personal distraction, carelessness, error in judgment or unclear instructions in addition to frauds or deliberate noncompliance with policies.Therefore the Assemblies’ staff must have proper knowledge on its internal controls and be consistently applied too.These controls include division of work, job rotation, authority levels, separation custody and recording and accounting controls. As discussed above, internal control serves as the strength of every organization; the reason being that the control system in any organization is a pillar for efficient accounting system. The establishment of an effective system that is capable of preventing fraud and also ensuring government transactions are carried out under lawful procedure is essential. The essence being that, effective and efficient use of government resources has necessitated the need to establish sophisticated internal control systems that would prevent fraudulent practices, financially or otherwise. Therefore, increasing attention is being paid to methods of internal control in recent years. Not only the complexity of modern business techniques but also the size of business unit encourage the adoption of methods which, whilst increasing the deficiency of public sector business, also as safeguard against errors and fraud. A survey by Klynveld Peat Marwick Goerdeler (KPMG) found that sixty per cent (60%) of fraud are committed in a business and it’s due to weak internal controls. Common frauds include double payment of invoices and payment being made for work that had never been performed. These mistakes are a signal to the outside world that the internal controls are weak and the firm is a target for further abuse. Most professionals and public sector managers believe that internal control is the tool to prevent the risk of major failure in this sector. This has necessitated a research to examine the effectiveness of internal controls system in the Adentan Municipal Assembly-ADMA. Statement of the Problem Most often, there is lack of mutual understanding with regards to the effective functioning of Internal Control mechanisms and the management functions of organizations with regards to planning process, each other’s role and working together to facilitate effective organization arrangements. A situation that often results in antagonisms and confusion in the governance processes of many government organizations. Internal Control Mechanisms in public sector organizations are often misconstrued and often aligned with political and management affiliations rather than they being looked at objectively and holistically. This state of affairs often results in mistrust of the public in the Internal Controls in the public sector, particularly in the local government systems. Further, the reporting lines of the Internal Audit Units in the organizational structure of the Assemblies tend to conflict with other functions of numerous monitoring and review teams in the local government system thereby affecting negatively the independence of the Internal Audit Unit and the scope of their work. Without over emphasizing the immense benefits of internal controls in public sector organizations and to the citizenry, coupled with recent revelations of financial malfeasances in many local government institutions, particularly the assemblies as unearthed by the Public Accounts Committee (PAC) of Parliament. Misapplications and misappropriations of district assembly funds cited in the Report of the Auditor General on the Accounts of District Assemblies for the year ended 31 December 2010 pages 16, 26, 28 and 50 in contravention of Part VII Section 2, Part VIII Sections 1 and 2 of the Financial Memoranda for District Assemblies, 2004 and Section 179 (1) of the Financial Administration Regulations, 2004 are a few of the financial malpractices in the public sector which boils largely to weak and ill functioning internal controls. This study therefore seeks to assess the role of internal controls in Public Sector Organizations and for that matter the district, municipal and metropolitan assemblies of Ghana. Accordingly, the practice boundaries between what are internal controls versus managerial reviews/oversight, and what are controls in general versus other assessments or evaluation functions constitute what this study seeks to unearth. In recent years, programmes have been developed by sub-region African countries to include new ideas which are directed towards bringing in improved techniques in services provided by government in general. In Ghana for instance public sector financial management have over the past decade under gone various reform which included Programme of Action to Mitigate Against Social Cost of Adjustment and Development (PAMSCAD), Public Financial Management Programme (PUFMAP), Budget Performance and Expenditure Management System (BPEMS) and the Ghana Integrated Financial Management Information System (GIFMIS) all of which seek to strengthen the internal control systems in the public sector to have an efficient and wasteless financial management system. However, recent accounting frauds by many of our public sector institution have created mistrust among users towards organizations. These incidences create consequences which have an economic impact. For the public to have the most beneficial impact of the Assemblies operations, it is essential that the Assemblies report the results of their work promptly, be it financial or operational and not just to elected and appointed representatives but also to management of the assemblies. Some executives of many organizations have sought ways to control the enterprises that they run. Internal controls help an organization to achieve its objectives. Not only the District Assemblies, the Daily Graphic, Friday, October 19,2007 on pages 1&3 reported the embezzlement of GH¢5.5bn of withholding taxes belonging to the Internal Revenue Service (IRS) by two officials of the service due to ineffective internal controls and supervision over the work of the culprits. The report therefore urged managers to be more serious about effective internal controls in order to detect and prevent such acts to avoid losses to organizations. An increasing change in the organizations environment has become a common feature in modern organizations and business which call for effective internal control systems to promote efficiency, effectiveness and compliance with rules and regulations. There have been calls for better internal controls in organizations. Internal controls are therefore looked upon more and more as a solution to a variety of potential problems in pubic organizations in Ghana. These risk exposure and cases of fraud have prompted the study to analyze effectiveness of the internal control system in the Adentan Municipal Assembly in Accra. Objectives of the Study The broad objective of this research work is to examine the effectiveness of internal controls system in the Adentan Municipal Assembly-ADMA. In order to accomplish the above general objective, the study sought to address the following specific objectives: 1. To identify the various forms, measures and mechanisms put in place to enhance the effectiveness of internal controls in the Adentan Municipal Assembly - ADMA. 2. To identify and assess the key element of an effective and efficient internal control function. 3. Identify the major problems that inhibit the effective and efficient functioning of internal controls in the accomplishment of the ADMA goals. Research Questions Related to the problem, the research sought to address the following questions 1. What are the various forms and mechanisms put in place to enhance the effectiveness of internal control at ADMA? 2. What are the key elements of an effective and efficient internal control function at ADMA? 3. What are the major problems that inhibit the effective and efficient functioning of internal controls at ADMA? Significance of the Study The importance of this study cannot be overemphasized, as it will set out to unearth how an effective and efficient internal control function impacts positively on good governance and accountability in public sector organizations; it will also unearth as well the negative impacts of ineffective and inefficient internal control mechanisms impacts on governance of public sector entities. Thereby helping policy formulators and decision makers in public entities to know the kind of policy instruments regarding good governance that will help them to shape their respective organizations and institutions so as to make them more efficient and viable and vision oriented. As evident in the introduction, internal controls form the cornerstone of good governance in all organizations. In the public sector, internal controls have a major role to play in protecting public interest relating public funds as well other important aspects of the purpose of public institutions. It is therefore not out of place to assess and take stock of internal control activities’ impact on good governance in the Ghanaian public sector entities in order to help plan the way forward. The study will also seek to provide an opportunity to policy makers (government) to harness the most benefits out of the internal control function and tools by identifying loopholes in the existing processes/mechanisms and knowing how it impacts on good governance in government activities. Lastly, it seeks to add to the knowledge and existing literature and also to serve as a pivot for future research work in the area or subject matter. Scope of the Study The research will be limited to activities in the public sector specifically the district assemblies. There are currently several metropolitan, municipal, and assemblies (MMDAs) in the country. However for the purpose of the study, Adentan Municipal Assembly (ADMA) will be selected for investigation and analysis. The study will focus on internal control systems in the organization, their roles, and objectives and how they impact decision making. Literature Review Elements of internal control Internal controls systems (as appropriately and initially defined by the Auditing Practices Committee of United Kingdom) includes the whole system of controls, financial and otherwise, established by management in order to carry on the business of the enterprise in an orderly and effective manner, ensure adherence manner to management policies, safeguard the assets and secure as far as possible the complete accuracy of the record. The auditing committee of United Kingdom describes the elements of internal control systems in the auditor’s operational standard as: Organisation control An organisation should have a plan of its activities which should define and allocate responsibilities, that is, every function should be monitored by a specific person who may be called “responsibility officer”. Adequate lines reporting for all aspects of the organization’s operations, including controls, should be clearly stated and the delegation of authority and responsibility should be clearly specified.. Arithmetic and Accounting These controls ensures that the transaction to be recorded and processed have been correctly recorded, accurately processed and have been authorized. Such controls include checking the arithmetical accuracy of the records, the maintenance and checking of totals, reconciliations, controls accounts and trial balance Personnel: Personnel are very important features to be considered in setting up any control system. It should have the capabilities to employ qualified staff and be responsible for the selection and training as well as looking for the characteristics suitable for the various jobs Supervision: Any system of internal control should include the supervision by responsible officials of day - to - day transactions and the recording thereof by responsible officials Management These are the controls exercised by management outside the day - to - day routine of the system. They include the overall supervisory controls, (exercised by management), the review of management accounts and comparison of actual expenditures with budgets and any other special review procedures. Moreover, management can assess the performance of officials by the use of some management tools as budgetary control, management by objectives etc. Segregation of duties One of the prime means of control is separation of duties. This reduces the risk of internal manipulations, accidental error and increases the element of checking. Functions which should be separated in an organization’s financial management include: initiation (officer or person who decides to give out a loan), Execution (the person who keeps the money to be loan out) and recording (the person who records the whole process in the book). System development and daily operations have to be considered in molding the internal control system to be full proof against fraud. Physical control This concerns the physical custody of assets and involves procedures and security measures designed to limit access to authorised personnel only. These include both direct and indirect access via documentations. These controls assume importance in the case of valuable, portable, exchangeable or desirable assets. Physical control can also be achieved by electronic means in a computerised environment, for example through the use of electronic identification cards and password to restrict access to particular file. Authorisation and approval All transactions should require authorization by an appropriate responsible person. This is very important in the financial system of an organization where large amount of money is handled, so therefore, it is appropriate for monies which are used for various transactions to be authorised by a trusted and responsible person. Components of the Control System Internal controls systems operate at different levels of effectiveness. “it is necessary that a system have certain elements or characteristics to increase the likelihood that accounting records will be reliable and that safeguarding of assets will be dependable” [3. P. 11]. The way in which internal controls are designed and implemented varies with the entity’s size and complexity. Specially, smaller entities may use less formal means and simpler processes and procedures to achieve their objectives. For example, smaller entities with active management involvement may not have extensive descriptions of accounting procedures or detailed written policies. For some entities, in particular very small ones, management or managers may perform functions which in a larger entity would be regarded as belonging to several components of internal control. Thus, the components of internal control may not be clearly distinguished within smaller entities, but their underlying purposes are equally valid. According to Arens& Co [3. P. 11]; the Committee of Sponsoring Organization of the Treadway Commission (COSO) report and the international standards on Auditing, ISA 315 stipulate the following as the five components of internal control: · Control environment, · Risk assessment, · Control activities · Information and communication · Monitoring There is a direct relationship between objectives, which are what an entity strives to achieve, and the components, which represent what is needed to achieve the objectives. The relationship can be depicted by a three - dimensional matrix: · The three objectives categories - operations, financial reporting, and compliance the five components · The units or activities of an entity, to which internal control relates. Control Environment Ofori, Dougles, Millichamp [1], Amudo&Inanga,Whittington & Pany [4], Messier, Sri Lanka Auditing Standards have mentioned that Control environment is the attitude toward internal control and control consciousness established and maintained by the management and the employees of an organization. It may be viewed as the foundation for other components of internal control providing discipline and structure. Millichamp describes control environment as the overall attitude, awareness and actions of directors and management regarding internal controls and their importance in the entity [1]. Seven factors affecting the control environment include management's philosophy and operating style, integrity and ethical values, a commitment to the competence, board of directors or audit committee, organizational structure, assignment of authority and responsibility and human resource policies and practices respectively. The control environment, serves as an umbrella for the other four components, Arens & Co. [3. P. 11]. It is the overall control consciousness of an organization effected by management through policies, procedures, ethical standards, and monitoring processes. This reflects the board of directors and management’s firm decision to internal control. The control environment includes management philosophy seen in its vision and mission for the organization. The element of control environment also encompass the organizational structures which specify responsibility in the performance of financial and non - financial duties, management operating style, attitude, ethical values, the integrity, skill and competence of personnel. They are the policies and procedures that help ensure that management directives are carried correctly and in a timely fashion. Lannoye. These involves control activities such as performance reviews, information processing, physical controls, and segregation of duties, these activities are implemented by management to ensure accomplishment of organizational objectives and the mitigations of risk. DiNapoli [5] postulated that the control activities are the instructions, rules, methods and decisions established over various activities by management to prevent or reduce risks that affect the organization in achieving its objectives. Control activities occur at all levels and functions of the entity. They include a wide range of activities such as approvals, authorization, verifications, reconciliations, performing reviews, maintenance of security and the creation and maintenance of related records which provide evidence of execution of these activities as well as appropriate documentation. However, the control environment is summarized into five principles. 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence of management and exercises oversight for the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop and retain competent individuals in alignment with objectives 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Risk Assessment Every entity faces a variety of risk from external and internal source that must be assessed. Risk assessment is the process or procedure an organization goes through in the identification and analysis of relevant risks to the achievement of the objectives, forming a basis for determining how the risk should be managed. Risks are the happenings that threaten the achievement of objectives. They finally affect an organization's ability to achieve its mission. Risk assessment is the process of detecting, assessing and determining how to succeed these things. There are both internal and external risks that could prevent the achievement of established objectives at the every level in an organization. Therefore, management should take necessary actions to prevent these risks. But, sometimes management cannot avoid the risk from occurring. In these situations, management should determine whether to accept the risk, reduce it up to the acceptable levels, or avoid. So management should ensure each risk is assessed and handled properly to achieve its objectives. Risk assessment involves using professional judgment carefully in identifying and evaluating factors which can affect the organization adversely and result is possible losses both financially and non - financially.(Douglas, Ofori, Messier, Whittington & Pany [4]). According to COSO [2], there are four principles relating to risk assessment, these principles are: 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risk relating to objectives 7. The organization identifies risk to the achievement of its objectives across the entity and analyses risk as a basis for determining how the risk should be managed. 8. The organization considers the potential for fraud in assessing risk to the achievement of objectives 9. The organization identifies and assesses changes that could significantly impact the system of internal control. Control Activities Control activities are tools - both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the organization's objectives and mission. Management should establish control activities to effectively and efficiently accomplish the organization's objectives and mission. Messier noted that control activities are the policies and procedures that help ensure that necessary actions are taken to address the risks involved in the achievement of the entity’s objectives. Accordingly the control activities that are relevant to the audit include: · Performance review · Information processing · Physical control. · Segregation of duties. Amudo & Inanga viewed that authorization, segregation of duties, verification before making the payments, control over access to resources, reconciliation, review operations and supervision as the control activities in any organization. Management should establish control activities that are effective and efficient. Control activities occur at all levels and functions of the entity. He provided the following as example of control activities: 1. Top level reviews of actual performance, 2. Reviews by management at the functional or activity level, 3. Management of human capital, 4. Controls over information processing, 5. Physical control over vulnerable assets, 6. Establishment and review of performance measures and indicators, 7. Segregation of duties, 8. Proper execution of transaction and events, 9. Accurate and timely recording of transactions and events, 10. Access restrictions to and accountability for resources and records, and 11. Appropriate documentation of transactions (Douglas, Ofori, Messier, Whittington & Pany [4]) Information and Communication Pertinent information must be identified, captured and communicated in a form and time frame that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliancerelated information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decisionmaking and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up of the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also need to be effective communication with external parties, such as customers, suppliers, regulators and shareholders. There are three principles relating to information and communication, these principles are as follows: 1. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control. 2. The organization internally communicate information, including objectives and responsibilities for internal control , necessarily to support the functioning of other components of internal control 3. The organization communicates with external parties regarding matters affecting the functioning of other components of internal controls. Monitoring Activities Internal control system and application of controls change overtime. This can be due to the arrival of new personnel, varying effectiveness of implementing the procedures or supervision, time and resource constraints or changes in the circumstances for which the internal control system originally was designed. Thus the management needs to determine and observe whether the internal control system continues to be relevant and effective in the entity as intended. The purpose of monitoring is to determine whether internal control is adequately designed, properly executed, and effective. Internal control is adequately designed and properly executed if all five internal control components (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring) are present and functioning as designed. Monitoring, the last component of internal control, is a process that assess the quality of internal control over time. Also monitoring is the evaluation of an organization's events and transactions to gauge the quality of performance throughout the period and to decide whether controls are effective. Management should emphasis monitoring efforts on internal control and accomplishes the organization objectives. It is important to monitor internal control to determine whether it is operating as intended and whether any modifications are necessary. All employees need to understand the organization's mission, objectives, and responsibilities and risk tolerance levels for monitoring to be most effective. Simmons posited that monitoring can be done through ongoing activities or separate evaluations. Ongoing monitoring activities include regularly performed supervisory and management activities such as continuous monitoring of customer complaints or reviewing the reasonableness of management reports. Separate evaluations are monitoring activities that are performed on nonrouting basis such as periodic audits by internal auditors. In evaluating the extent to which the effectiveness of internal control is monitored, the following criteria in ongoing monitoring activities, separate evaluations and reporting deficiencies should be considered. (COSO [6]). o Ongoing monitoring · Extent to which personnel, in carrying out their regular activities, obtain evidence as to whether the system of internal control continues to function; · Corroboration of the communication from external parties with internally generated information; o Periodic comparison of amounts recorded by the accounting system with existing assets and liabilities; · Feedback to management whether controls operate effectively; · Effectiveness of internal audit activities o Separate evaluation · Scope and frequency of separate evaluation of internal control · Appropriateness and logicality of evaluation process and methodology · Appropriateness of the level of documentation o Reporting deficiency · Existing of the mechanism for capturing and reporting identified internal control deficiencies; · Appropriateness of reporting protocols and follow up actions Monitoring includes management’s methods for following up and checking on performance to ensure that controls are complied with. With monitoring component the internal control has made a circle and monitoring activity help to improve control activities, information systems as well as overall control environment. Messier, Whittington & Pany [4], Douglas, Simmon, Ofori). Types of Internal Control Internal controls basically fall into two broad categories; these categories can be either preventive or detective. However, different writers have come out with different types of internal control systems. Milichamp indicates that the types of internal controls are safeguarding of assets, separation of duties, supervision, verification, approval and authorization, documentation and reporting. Other authors such as Lousteau [7], the state university of New York and DiNapoli [5] have agreed that the types of internal controls includes directive controls, preventive controls, compensating controls, detective controls and corrective actions. The type of internal control systems adopted in an organization depends on the varying requirement of an organization. However, the most common types that are implemented in most organizations include preventive internal control, detective internal control and corrective internal control. These types of internal controls are explained below. Preventive Controls They are the steps taken to deter or prevent undesirable events from occurring. They are proactive controls that help to prevent a loss. Examples of preventive controls are listed below: 1. Controls are separation of duties; duties are segregated among different people to reduce the risk of error or inappropriate action. Normally, responsibilities for authorizing transactions (approval), recording transactions (accounting) and handling the related assets (custody) are divided. 2. Proper authorization, management authorizes employees to perform certain activities and to execute certain transactions within limited parameters. In addition, management specifies these activities or transactions that need supervisory approval before they are performed or executed by employees. A supervisor’s approval (manual or electronic) implies that he or she has verified and validated that the activity or transaction conforms to established policies and procedures. 3. Adequate documentation, and 4. Physical control of assets. Access to equipment, inventories, securities, cash and other assets is restricted; assets are periodically counted and compared to amounts shown on control records. Detective Controls The measures a company uses to attempt to detect undesirable acts, so they can be corrected, ideally as promptly as possible. They provide evidence that a loss has occurred but do not prevent a loss from occurring. Examples of detective controls are: review of performance, management compares information about current performance to budgets, forecasts, prior periods, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual condition that requires follow - up. Gupta, P. [8]. Reconciliation, an employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary. The common type of reconciliation is band reconciliation and stock requisition reconciliation. Audits, most companies hold regular external and internal audits to review financial statements, scrutinize departments, and determine if there are any irregularities. Controls over information systems (preventive and detective): control over information systems are grouped into two broad categoriesgeneral controls and application controls. General controls commonly include controls over data center operations, system software acquisition and maintenance, access security, and application system development and maintenance. Corrective Controls Simmons the corrective controls are put in place to address anything which is foreign and every problem that has occurred in the system. Examples of corrective control are system re - design, follow -ups, post audits and application of punishments by management for wrong doing. Directive Controls Directive controls refers to policies and procedure put in place by top management to promote compliance with independence rules. The policies and procedures from management that are important must pervade the organization and must be clear and consistent in order to ensure compliance, Rittenberg et al [9]. Compensating Controls According to Drury, C. [10], compensating controls are put in place for lack of controls elsewhere in the system. For example, firms with and electronic database could maintain a hard copy of the client list in the office library. Such a list would compensate for downtime in electronic system and difficulties in locating client names in an electronic system. These types of control are essential to an effective internal control system. From a quality standpoint, preventive controls are essential because they are proactive and emphasize quality. However, detective controls play a critical role providing evidence that the preventive controls are functioning and preventing losses. In addition, management specifies those activities or transactions that need supervisory approval before they are performed or executed by employees. A supervisor’s approval (manual or electronic) implies the he or she has verified and validated that the activity or transaction conforms to established policies and procedures. Objectives of Internal Controls Internal control objectives are desired goals or conditions for a specific event cycle which, is achieved, minimize the potential that waste, loss, unauthorized use or misappropriation will occur, IT Governance institute [11]. They are the conditions which we want the system of internal control to satisfy. For a control objective to be effective, compliance with it must be measurable and observable. Internal audit evaluates the organization’s system of internal control by accessing the ability of individual process controls to achieve seven pre -defined control objectives. The control objectives include: 1. Authorization, the objective is to ensure that all transactions are approved by responsible personnel in accordance with their specific or general authority before the transaction is recorded. 2. Completeness, the objective is to ensure that no valid transactions have been omitted from the accounting records. (All receiving documents are matched to purchase orders) 3. Accuracy, the objectives is to ensure that all valid transaction is accurate, consistent with the originating transaction data, and information is recorded in a timely manner. (Receipts of inventory are correctly recorded in the accounting system). 4. Validity, the objective is to ensure that all recorded transactions fairly represent the economic events that actually occurred, are lawful in nature, and have been executed in accordance with management’s general authorization. (Purchase is supported by purchase orders, receiving documents, and invoices). 5. Physical Safeguards and Security, the objective is to ensure that access to physical assets and information systems are controlled and properly restricted to authorize personnel. 6. Error Handling, this objective is to ensure that errors detected at any stage of processing receive prompt corrective action and are reported to the appropriate level of management. 7. Segregation of Duties, this objective is to ensure that duties are assigned to individuals in a manner that ensures that no one individual can control both the recording function and the procedures relative to processing a transaction. Importance of Internal Control Systems It is extremely important that every organization should have an efficient internal control system, Barnabas, C. [12]. As the definition of internal control system indicates, a proper internal control system will ensure; 1. Orderly and efficient running of the business 2. Adherence to management policies 3. Safeguarding the assets and securing as far possible the completeness and accuracy of the records 4. Considering of the likelihood of error in the system of internal control. Limitation of Internal Control Systems There is no such thing as a perfect control system, no matter how will the internal controls is designed; they can only provide a reasonable assurance that the objectives will be achieved R. T. Yeh & S. H. Yeh [13]. Designing and implementing effective systems of internal control requires management to clearly understand agency objectives and its operating environment. Management also needs to recognize the inherent limitations in the design and application of system that may impact on the ultimate delivery of agency objectives and services. These inherent limitations include: 1. Judgment The effectiveness of controls will be limited by decisions made with human judgment under pressures to conduct business based on the information available at hand. According to INTOSAI (2004), the effectiveness of controls is limited by the realities of human frailty in the making of business decisions. Such decision must be made with human judgment in the time available, based on information at hand, and under the pressures of the conduct of business. Some decisions are based on human judgment may later, with the clarity of hindsight, be found to produce less than desirable results, and may need to be changed. 2. Breakdowns Employees sometimes misunderstand instructions or simply make mistakes. Errors may also result from new technology and the complexity of computer information systems, carelessness, distraction, or being asked to focus on too many tasks, King, A.M. (2011). For example, an accounting department supervisor responsible for investigating exception might simply forget or fail to pursue the investigation far enough to be aisle to make appropriate corrections. Temporary personnel carrying out control duties for vacationing or sick employees might not perform correctly. System changed may be implemented before personnel have trained to react appropriately to signs of incorrect functioning. 3. Management Override High level personnel may be able to override prescribed policies or procedures for personal gains or advantages. This should not be confused with management intervention, which represents management actions to depart from prescribed policies and procedures for legitimate purposes. According to Committee of Sponsoring Organizations of the Treaway Commission (COSO) (1992), a manager of a division or operating unit, or a member of senior management, might override the control for many reasons: to increase reported revenue to cover an unanticipated decrease in the market shares, to enhance reported earnings to meet unrealistic budgets, to boost the market value of the entity prior to public offering or sale, to meet sales or earnings projections to bolster bonus payouts tied to performance, to appear to cover violations of debt covenant agreements, or to hide lack of compliance with legal requirements. Override practices include deliberate misrepresentations to bankers, lawyers, accountants and vendors, and intentionally issuing false documents such as purchase orders and sales invoices. 4. Collusion Individuals acting collectively and alter financial data or other management information in a manner that cannot be identified by the control systems. Accounting staff colluding to fraud the company finds ways to work around current internal controls, Buck, C.J., Breuker, J.B. (2008). When two or more employees work with the same financial information, they can manipulate the data for their own purposes. They might swap password allowing each other to access information without anyone else reviewing the work. They can create false transactions to steal money from the company and approve each other’s transactions. Collusion can occur, for example, between an employee who performs an important control function and a customer, supplier, or another employee may occur, King, A.M. [14]. On a different level, several layers of sales or operating unit management might collude in circumventing controls so that reported results meet budgets or incentive targets. The Relevance of Effective Internal Control Process It is the responsibility of the board of directors and management to effectively implement accounting software applications to mitigate risk and to reduce errors associated with financial reporting. Operating Effectiveness The goals of an internal control system are to help a firm improve its operating systems. Thus the existence of a financial system allows the financial departments to formulate adequate and functional policies by which personnel must abide when performing financial tasks [15]. Financial Reporting Internal control in financial accounting and reporting mechanism generally apply to all companies and organizations, Macintosh, N.B., Quatrone, P. [16]. It helps organization to report accurate and complete financial statement at the end of each month and quarter and eventually produces annual report. These statements include a balance sheet, income statement, cash flows statement and retained earnings statement. Compliance An effective internal control system helps senior executives and management to ensure that employees abide by government laws and regulations when performing duties. Non -compliance consequences may include adverse regulatory initiatives, such as fines and litigation. Every business organization is subject to some kind of risks depending on several factors such as the project being implemented and the sources through which is financed, and the way it utilizes its resources. Internal controls play critical roles in the detection and elimination of errors and irregularities before they have occurred. Parties Responsible for and Affected by Internal Control Internal controls affect every single individual within a business organization, while all of an organization’s people are an integrals part of internal control, certain parties merit special mention. These include management, board of directors (including the audit committee), internal auditors and external auditors. Management The primary responsibility for the development and maintenance of internal control rests with an organization’s management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to and overriding philosophy and operating style within the organization. Emphases on these intangible aspects highlight the importance of top management involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people in the organization either. As an indication of management’s responsibility, top management at a publicly owned organization will include the organization’s annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believe is effective. The statement may also provide specific details about the organization internal control system. Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting and compliance. Board of Directors The board of directors and its audit committee has responsibility for making the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated, Van der Stede [17]. Two parties involved in the evaluation of internal controls are the organization’s internal auditors and their external auditors. Internal Auditors Internal auditors often are involved in policing the effectiveness of internal controls. Hermanson & Co. They also have the responsibilities which typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization’s resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization’s internal controls, including operational, financial and compliance controls. Internal control will also be evaluated by the external auditors. External Auditors External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting, Shim, J.K. [18]. External auditors have a responsibility to report internal control weakness (as well as reportable conditions about internal control) to the audit committee of the board of directors. As a conclusion. It is the responsibility of management of the assembly to decide on the extent of the internal control mechanism, which is deem appropriate and such controls should be designed in part to prevent, control and minimize errors, irregularities that might arise rather than preventing or eliminating total fraud and irregularities. The effectiveness of internal control system rest in the duties and responsibilities of the management of the organization which arise out of the contractual duty of care once they act as stewards for and on behalf of the government. The next part includes the methodology, analysis, data, conclusions and recommendations.

About the authors

Emmanuel Owusu-Ansah

Kuban State University

master student of Faculty of Economics Stravropolskaya Street 149, Russia, Krasnodar, 350040


  1. Millichamp A.H Internal Control Systems Auditing, Ed. London: Ashford color press. 2002
  2. Committee of Sponsoring Organizations of the Treadway Commission (COSO) Report, USA, Allen and Bacon, Inc. 2004
  3. Arens, A.A, Elder, J.R and Basely, S.M’’Auditing and Assurance Services an integrated approach 11th edition. New Jersey: Prentice Hall. 2006
  4. Whittington & Pany K. Principles of Auditing, (4 Edition).US McGraw Hill companies 2004
  5. DiNapoli TP. (1999), Standards of Internal Control in New York State Government. URL: www.d/NewYorkstatecomptroller.htm. Accessed: 18.06.2019.
  6. Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework. Coopers & Lybrand, September, Vol. 1-4. 1992.
  7. Lousteau the role of controls for auditors’ independence, USA, CPA Journal.2006
  8. Gupta, P. Internal Auditing Practices in India. VDM Verlag Dr. Muller Aktiengesellschaft & Co. KG. 2010. 240p
  9. Rittenberg et al. Internal Control Guidance Not Just a Small Matter Journal of Accountancy March p.5 2007 URL: Accessed: 20.06.2019
  10. Drury, C. Management and cost accounting 8th revised edition. Cengage Learning EMEA. 2012. 800 p.
  11. IT Governance institute. (). Cobit 4.1 Control objectives. Management guidelines. Maturity models. Prieiga per internetą: 2007. URL: Accessed 20.06.2019
  12. Barnabas, C. Internal Control. Cede Publishing. 2011. 144 p.
  13. Yeh, R.T.; Yeh, S.H. Verslo menas: sekant milžinų pėdomis. Vilnius: Alma littera. 2007.
  14. King, A.M. Internal Control of Fixed Assets: a Controller and Auditor’s Guide. John Wiley and Sons Ltd. 2011
  15. Collier M.P and Samuel K. Management Accounting Risk and Control Strategy, Ed. Ghana: National Science and Technology Press. 2006
  16. Macintosh, N.B., Quatrone, P. Management Accounting and Control Systems: an Organizational and Sociological Approach. John Wiley and Sons Ltd. 2010. 378 p.
  17. Merchant, K. A., Van der Stede, W. A. Management Control Systems: Performance Measurement, Evaluation and Iincentives. 3rd revised edition. Prentice Hall. 2011. 832 p.
  18. Shim, J.K. Internal Control and Fraud Detection. Global Professional Publishing Ltd. 2011

Copyright (c) 2019 Owusu-Ansah E.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

This website uses cookies

You consent to our cookies if you continue to use our website.

About Cookies