Web Directory

A BRIEF ON INTERNAL CONTROLS

Roles and Responsibilities

Internal controls exist at every level of the organization. Therefore, it is a dynamic system that relies on individuals at every level of the organization. The individual roles and responsibilities are essential for the entity-wide effective implementation and maintenance of internal control. Prominent roles and responsibilities are as under:

1- The board of directors are responsible for ensuring appropriate internal controls are in place and operating effectively.

2- Senior management is responsible for setting the tone at the top and supporting the control environment by demonstrating a commitment to ethical behaviour, compliance and control consciousness.

3- The board of directors provides oversight of the organization’s internal control system. They ensure that the controls are implemented and maintained by the management to ensure the achievement of the strategic objectives of the organization.

4- The board approves the organizational risk appetite and ensures that the internal control aligns with the appetite.

5- Internal audit, which is independent of management, monitors the control effectiveness throughout the organization.

6- Senior management plays a vital role in identifying, assessing and prioritizing key risks that the organization faces. They design and implement suitable control activities to address the identified risks.

7- The legal and compliance department ensures that the entity complies with laws and regulations. They guide the other departments to implement control activities that address the compliance requirements.

8- Every employee adheres to established policies and procedures. They follow control activities related to their roles.

9- External auditors provide an independent assessment of the financial statements of the entity and the effectiveness of internal controls over financial reporting through their management letter.

Types of control

There are a variety of types of control based on their purpose and objectives. Primary types of control include:

Preventive Controls: They are proactive controls designed to prevent undesired acts from occurring. It includes segregation of duties, access controls, physical security of assets and documented policies and procedures.

Detective Controls: They find undesired acts after the transaction occurs. It provides evidence of whether the preventive controls are operating effectively. It includes reconciliations, internal audits and forensic accounting.

Corrective Controls:They are put in place where irregularities are identified. Detective control provides evidence that an error has occurred, and then the corrective control shall remedy the identified issues.

These types of internal controls work in combination to provide a comprehensive defense against risks and threats.

Effective control practices and challenges

The COSO framework stands as a globally accepted and influential guideline for establishing, assessing, and enhancing internal control systems. It provides a structured approach that assists organizations in achieving their objectives while managing risk effectively.