Level 2 Business Studies AS90843 Demonstrate understanding of the internal operations of a large business

Internal Controls Students will understand the need for internal controls. Understand internal controls used by business (tangible and intangible) Understand the importance of using internal controls Understand the need for procedures and policies for internal controls

Internal Controls Internal control is defined as a process designed to help a business accomplish specific goals or objectives. It is a means by which businesses resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the businesses resources, both tangible (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks).

Internal Controls (continued) With controls in place, employees’ duties can be arranged and the records and systems designed to make it possible to carry out effective accounting control over the assets, liabilities, income and expenses of the business.

Internal Controls (continued) Profitability is not only achieved through high sales and meeting consumer demand, but also from controlling costs and limiting excessive spending. Management should on a regular basis review all aspects of their company and insert internal controls that will strengthen the company and increase profitability. Source

Types of Internal Controls Detective controls are designed to detect errors or irregularities that may have occurred. Corrective controls are designed to correct errors or irregularities that have been detected. Preventive controls are designed to keep errors or irregularities from occurring in the first place.

Types of Control Activities Approvals Authorisations Verifications Reconciliations Review of operating performance Security of assets Segregation of duties

Risk Assessment Risk assessment is an important internal control. Every business decision comes with a certain amount of risk; avoiding or mitigating this risk is achieved through strong internal controls. Controls that mitigate risk could include capping the levels of debt used to finance operations or acquisitions, ensuring reinvestment of cash into the business, or guidelines to avoid risky securities when generating cash from investment activities. These types of internal controls prevent executive management from making potentially dangerous decisions that would have long-term effects on a company. Source:

Financial Information The most important internal controls usually preside over the financial information of a company. Improperly reporting financial information is considered fraud and will quickly cause problems. Companies usually develop internal controls for financial information and then test them periodically to ensure that they are adequate safeguards.

Intangible assets Examples include patents, copyrights, trade names, customer lists, royalty agreements, databases, and computer software and goodwill Intangible assets can be classified either as: Identifiable — for example, trademarks or Unidentifiable — which generally implies goodwill.

Internal Controls to manage Tangible Assets Internal controls are policies put in place to prevent theft of, and damage to, a company's valuable assets. Tangible assets, such as real property, productive equipment, inventory and cash, can be a challenge to keep safe at all times. Source -

Controlled Access Controlled access to key areas of a business operations, such as inventory storage facilities, cash vaults and equipment rooms, with locks or security checkpoints. Electronic systems are available that allow businesses to restrict access to sensitive areas to designated personnel without using traditional keys. These systems have the ability to keep a log of which employees accessed specific areas at specific times.

Delegation Issues Businesses should delegate activities involving open access to inventory, cash and other valuables to their most trusted employees. According to Montana.edu, managers should not allow anyone to sign the manager's name when dealing with suppliers, distributors or customers. Businesses should not allow any employee exclusive control of, or exposure to, delivery or cash-handling activities.

Security Issues A disciplined attention to detail is vital for the security of a businesses tangible assets. They should thoroughly lock, gate and secure your premises after each working day, and utilise camera surveillance to record trespassers or suspicious activity. Businesses should make bank deposits frequently, and only keep as much cash on hand as necessary. tangible-assets.html

Access Trails Businesses should: Record access to sensitive areas whenever possible. Keep an electronic record of access to restricted areas. Require cashiers to log into cash registers with a unique ID, and do not allow cash register sharing. Require employees to mark their initials on bank deposit receipts, delivery forms, cash register tapes and other control documents. Source- /

Physical Audits Businesses should: Perform regular and random audits of their inventory, equipment and bank accounts to catch suspicious activity early. Consider utilising a third-party audit company to ensure the reliability of the audit results. Not allow employees to audit their own areas of responsibility. For example, do not allow an employee in charge of receiving deliveries to audit raw materials inventory, and do not allow the employee who makes bank deposits to audit the bank statements and cash register records. source-

Transparency The concepts and techniques mentioned previously can aid in loss and damage prevention, but making internal control policies completely transparent to employees, customers and business partners can serve to prevent occurrences from happening in the first place. For example, businesses should: a. tell their employees that access to restricted areas is logged; b. let customers know that their premises are monitored by video surveillance; c. and let their suppliers know their internal audit policies.

Summary Control activities may also be explained by the type or nature of activity. These include (but are not limited to): Segregation of duties - separating authorisation, custody, and record keeping roles of fraud or error by one person. Authorisation of transactions - review of particular transactions by an appropriate person. Retention of records - maintaining documentation to substantiate transactions. Source:

Summary Supervision or monitoring of operations - observation or review of ongoing operational activity. Physical safeguards - use of cameras, locks, physical barriers, etc. to protect property, such as merchandise inventory. Top-level reviews - analysis of actual results versus organisational goals or plans, periodic and regular operational reviews, and other key performance indicators (KPIs).

Summary IT Security - use of passwords, access logs, etc. to ensure access restricted to authorised personnel. Top level reviews - management review of reports comparing actual performance versus plans, goals, and established objectives. Controls over information processing - a variety of control activities are used in information processing. Examples include edit checks of data entered, accounting for transactions in numerical sequences, comparing file totals with control accounts, and controlling access to data, files and programs.

Summary Companies use policies to ensure a safe and profitable business environment. Companies inform employees of these internal controls to ensure that the company's reputation is not tarnished as a result of improperly educated employees. Publicly held companies have strong internal control policies to assure that investors are not improperly influenced by informal communications outside normal company standards. Source -

Effectiveness In order to make internal controls effective, senior managers need to clearly identify the activities each department needs to do in order to be in compliance with stated internal control objectives. All employees need to fully understand the policies and procedures for internal controls. Controls can be both preventative or detective (reactive), but they should not interfere with or hinder the productivity of work.

Effectiveness The best controls are automated, such as an automatic sent to obtain signature authority for purchases over a certain threshold. The effectiveness of the controls should also be tested on a regular basis.

Responsibility Regardless of size, all members of a business have some responsibility in creating and maintaining effective internal controls. Top management establishes internal controls that are effective and achievable. Middle management or supervisors develop policies and procedures to comply with the controls. Individuals in the organisation are responsible for completing their jobs according to the policies and procedures established.