The concept of internal control may be defined as the plan of organization and all the methods and procedures adopted the management of an entity to assist in achieving management‟s objectives of ensuring the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. The system of internal control extends beyond those matters which relate directly to the functions of the accounting system and comprises control environment and control procedures. Internal control is an essential prerequisite for efficient and effective management of any organization. It is thus, a primary responsibility of every management to establish and maintain an adequate system of internal control appropriate to the size and nature of the business of the entity.
An internal control system can provide only reasonable, not absolute, assurance that the management‟s objectives in establishing the system are achieved. This is because there are some inherent limitations of internal control. These limitations are mentioned hereunder:
Controls have to be cost effective. Hence, some control mechanisms may not have been implemented merely because they are not cost-effective.
Most control tools are directed at transactions of a usual nature. Therefore, transactions of unusual nature might have been escaped from such controls.
The human error potentiality prevails everywhere, even in the control systems.
Any system of control has its limitations in preventing frauds through collusion between two or more persons.
Controls may not change with the pace of changes in conditions.
Management itself may manipulate transactions or accounting estimates.
A member of management may himself override the control system.