internal control audit and auditors

As far as fraud and error prevention are concerned, the establishment and maintenance of a good system of internal controls is and will still remain the best measure that can be taken to minimize or prevent fraud and error.

Internal controls are those calculated conscious actions that an organization take so as be assured that reasonable assurance towards meeting her objectives are guaranteed, those objectives are to ensure that;

Financial information (financial statements) are reliable,

Operations are carried out in an effective and efficient manner,

Companies assets are protected and

Provisions of laws, rules and regulations are strictly adhered to

In the bid to reduce or prevent fraud, companies set out control objectives that when achieved will mean a reduced level of prevalence of fraud.

To achieve this, control goals/ objectives and control plans/ actions needs to be in place.

While control objectives sets out what is acceptable, control plans are strategies put in place to achieve these objectives while be; preventive control plan, detective plan objectives or corrective control plan.

For a business to achieve a reasonable assurance that her control objectives will be met, the above three control plans must be combined. However, preventive control is the one that helps prevent fraud and errors which is the subject matter of this article.

I struggled to really understand the aspect of Auditing that deals with internal control throughout my University days. The main reason for this my difficulty was because of the numerous control plans that are to be inplace in order to achieve the desired control objective

This my ordeal continued even after graduation until I attended a workshop organized by the Nigerian Chapter of ACCA. In that workshop, an acronyms formed with ACCA was given to us by one of the speakers and that changed my situation. But, hey! Don’t laugh at me and my dull brain hehehe.

ACCAMAPS

A = AUTHORIZATION/ APPROVAL.

Approval and Authorization must be obtained for every material project. Materiality is a relative term that is used to describe the influence the inclusion or exclusion of an item would have on a decision maker’s opinion. This approval must always come from an authorized person.

C = COMPARISON.

Figures should be compared. It could be on a; daily, weekly, monthly basis. Actual performance is compared with budgeted performance. This can also be called variance analysis.

C = COMPUTER CONTROLS.

Computer controls is of two kinds. Physical access controls and logical access controls. Physical access controls has to do with physical security measures taken to protect the computer, for example, keeping the computer in a locked room. Logical access controls are those measures taken to limit the use of computer and its resources. More information on computer controls can be found on this website http://www.isaca.org they have sections that can be accessed by non-members or better still, you can register with them to get more benefit.

A = ACCOUNTS RECONCILIATION

Stuffs like bank reconciliation, statement of financial position (balance sheet) reconciliation, receivables reconciliation, payables reconciliation and suppliers’ reconciliation can be performed on a fairly regular basis.

M = MAINTAIN AND REVIEW CONTROL ACCOUNTS

A lot of frauds and errors can be prevented by simply maintaining a control account that will be reviewed regularly.

A = ARITHMETIC CHECKS

This will help uncover minor errors that would have otherwise not been detected. Frauds also can be uncovered through this singular act. System should be put in place to re-calculate figures for possible errors or outright fraud.

P = PHYSICAL CONTROLS

Can anybody from anywhere walk into a company’s premise and do whatever he she likes? Controls must be in place to restrict this. Guards should be at the gate to monitor those that come in and out of the company. Smartcards can be used to restrict physical access to sensitive areas of a company

S = SEGREGATION OF DUTIES

Is a CRIME not to have proper segregation of duty in an organization. Though, employees might collude to perpetrate fraud or crime but, the presence of segregation of duty will at least give the perpetrators some extra work to do. A person that raise invoice should not be the same person that will dispatch and record sales.

The above tips cover both the general, application and systems and control plans. I want to make an assumption here and that assumption is that you were having the same problem that I had and that this article has help solve that problem.