These are the policies and procedures in addition to the control environment, which the management has established to achieve the entity’s specific objectives. The mix of types of controls implemented management will depend on the control objectives and the size of the entity.
a) Organizational plan chart
Companies should have proper organization plans. An organized plan shows clearly the various departments within the company, their functions and persons charged with ensuring that such functions are fulfilled. They seek to ensure that the entity is properly departmentalized preventing duplication of duties across departments and boosting accountability within the entity. Delegation and limits of authority should be well and clearly defined.
b) Segregation of duties.
This refers to separation of various duties and responsibilities such that one person cannot process and record a complete transaction from beginning to the end without being checked another person. E.g. in purchase of fixed assets, an individual should not authorize the purchase, place the order, receive the assets, record the transaction and keep custody of the assets. To minimize risk of error and or intention the following should be performed different individuals and departments as much as practicable.
• Initiation of transaction: This is where if an item is found to be out of stock and a requisition is made.
• Authorization: Different levels of management should be given limits as to what they can authorize or to what extent they can commit company resources.
• Execution: Person’s independent from those who authorize the transactions should execute them.
• Recording: Segregation of duties also includes an internal check which refers to the activities of one person being complementary to those of another person.
Example of segregation of duties in the procurement and supply chain
The purchasing of inventory involves several different tasks. Someone has to initiate a purchase requisition for a new supply of inventory. Someone has to place a purchase order with a supplier. Someone has to check that the items are delivered the supplier. Someone has to record the amount payable in the procurement system, and someone has to make the payment at the appropriate time.
Control risks include the risks that inventory will be ordered when it is not needed, that the supplier will not deliver any inventory or will deliver the incorrect quantity, or that the supplier will be paid too much or will be paid for items that he has not delivered.
A segregation of duties can help to reduce these risks:
|Initiation – Replenishment of
inventory item is required
|Warehouse staff/stores staff|
|Purchase ordered||order||–||Item||Purchasing officer. The purchasing officer
is able to check the material requisition from the stores staff
|Custody – Item received||Goods inwards officer. The items actually delivered are checked physically and counted. This is a check that items have actually been delivered in good condition, as stated in the supplier’s delivery note|
|Recording – Invoice received,
checked and processed
|Accounts clerk. The invoice from the supplier is checked against the delivery note and the original purchase order. The amount payable is recorded in the accounts system.|
|Payment – Invoice is paid||Cashier. The amount payable to the supplier is eventually paid a different person in the accounts department.|
Source: BPP. (2009). Auditing Assurance, ACCA study text
c) Physical controls
These are security measures concerned with the custody of company’s assets limiting access to authorized people only. Direct physical controls include keeping assets under lock and key, employment of security guards, building fences and use of closed circuit cameras. Indirect physical controls include use of a fixed asset movement registers and use of computers to record utilization of company vehicles.
d) Authorization and approval.
Transactions that commit the organizations resources should be subject to authorization and approval a responsible official. The limits for authorization should also be specified.
The proper functioning of any system is dependent on the competence and integrity of those operating it. The company must therefore recruit competent staff with integrity and intelligence. Staff should be assigned responsibilities that match their capability and undergo training where necessary.
Transactions and their recording should be subjected to supervision competent and responsible officials. Supervision is necessary because it gives the chance of correcting errors and also because lower level employees generally tend to be indiscipline if not closely supervised.
h) Management controls.
These are controls exercised management in addition to daily routines of the system. They include comparison of actual performance with budgets review of management accounts e.g. budgets and internal audit function.
i) Rotation of duties.
Duties should be rotated between personnel at the same organizational level e.g. payroll staff and credit control staff. Staff should be encouraged to take annual leave to provide an opportunity for their work to be checked an independent person.
j) Routine and automatic checks.
These are conducted on routine duties and operations to ensure that they are operating efficiently. Such checks are conducted on surprise basis to minimize errors and frauds. Examples may include surprise cash counts and physical inspection of fixed assets.
k) Internal audit
This is a control function set up management to review the procurement and internal control system. Internal audit carries out continuous evaluation of operating effectiveness of the internal control policies and procedures. The findings and recommendations are then reported to management.