What is Internal Control?

Define Internal Control

Whether you are running a small business or a large conglomerate, internal control is an important part of making sure your business operations are efficient and consistent across the board. Internal controls are designed to promote company efficiency, adherence to company policies or values, and safeguard against fraud, unauthorized use or theft of a company's assets. Elements of a strong internal control program include segregation of duties, proper authorization processes, inventory and asset control, good recordkeeping and documentation practices, and independent oversight. Making sure your company incorporates all these elements in its internal control program can make a huge difference in the quality of the products and services you deliver and in making sure that the profits from those activities are well protected and managed.

Segregation of Duties

By dividing responsibility for different elements of related activities, companies can create a system of checks and balances to ensure that assets are managed properly and that the company meets quality, legal and ethical standards. For example, a common internal control practice in manufacturing is to assign testing of a finished product to a different individual than the one who produced the item. This ensures greater objectivity in judging whether the finished product meets company quality standards. Segregation of duties also should be practiced in a company's financial, recordkeeping, and inventory and asset management activities. For example, a good small business practice is to have separate individuals assigned to approving expenditures and reviewing (and paying) invoices.

Proper Authorization

Obtaining proper authorization for transactions and activities involving expenditure of company funds and pricing of its products or services helps to ensure that a company's activities meet established guidelines and objectives, and to prevent theft and fraud. For example, a supervisor or other manager must approve expense reports for employees before reimbursement can be made. Proper authorization controls also should be applied to other activities that could impact the company's performance or reputation. An example of this is making sure that company press releases are approved by management.

Inventory and Asset Control

Inventory and asset controls help to protect a company's intellectual and physical assets from misuse and theft. Electronic, computer-based or mechanical controls often are used to record and limit employees' access to various company assets, depending upon their level of responsibility and job duties. They also prevent outsiders from accessing or damaging valuable company assets, such as intellectual property or a company's website. Examples of such tools include electronic ID cards, fences, security systems, fireproof files, anti-virus software, back-up and recovery software, and many others.

Recordkeeping and Documentation

Recordkeeping controls involve making sure that financial statements and information are accurate and produced on a timely basis. Financial records, such as invoices, contracts and bills of sale, should be substantively informative, easy to use and organized well. Using pre-numbered, consecutive documents (such as checks) to pay accounts is an example of an effective recordkeeping control. Documentation controls also can assist in making sure that a company's operations meet policy and quality and legal guidelines, especially for highly regulated industries. Companies that employ Six Sigma or ISO 9000 standards have to meet documentation guidelines to demonstrate that they have controls and processes in place to meet certification requirements.

Independent Oversight

Independent oversight from a board of directors, outside auditors and management can help to ensure accurate and effective operations throughout an entire company. Oversight activities typically are carried out by employees or outside individuals, such as auditors, consultants or an independent board of directors. These directors should not be directly involved in the work being checked but who understand the ethical values, legal, quality and policy standards that need to be adhered to.