Part One: Theory on control of assetsInternal ControlInternal control within a business or organisation is the combination of policies, guidelines and regulations that a business implements in order to accomplish the business’s goals and objectives successfully by minimising risk.
The procedures which are implemented are aimed at controlling risks in the business by preventing, identifying and rectifying any events which may cause harm to the business. In addition internal controls are designed to ensure the effective running of the operations within a business. 2) The purpose of internal controlsEffective internal control is vital within a business as it ensures an ethical work environment is created where industry and applicable laws are respected and upheld. Furthermore, internal controls aid a business in assuring daily operations are carried out in an efficient manner by avoiding unnecessary risks and optimising performance. 3) The role of an internal auditorAn internal auditor reviews and assesses the validity and reliability of internal control measures which have been put in place within a business. Additionally the auditor will evaluate the business’s risk management systems and overall governance. For example whether or not the business is complying with relevant laws and identifying fraud and errors. Once the auditor has formed a report on the business by taking the above elements into account the auditor will provide recommendations.
These recommendations will provide the business with insight on how to improve their internal control and governance. 4a) Preventative controlThis type of control refers to the policies or regulations a business will impose in order to proactively deter harmful events from happening such as errors or irregularities. Some policies may include the division of duties or the requirement for authorisation. For example a business may limit the access employees have to company assets without supervision or authorisation. Only certain employees may have access to the bank account or cash register. 4b) Detective control This form of internal control refers to systems within the business which recognise and alert management to harmful factors affecting the business. Detective controls also determine the effectiveness of preventative controls. The type of policies this may include could be internal checks of documentation.
For example the manager may perform random checks of transaction documentation to ensure all safety and company mechanisms have been followed. 4c) Corrective controlThese controls are aimed at rectifying and mitigating the negative effects which harmful factors or incidents may have already had. These controls often involve disaster management guidelines on how to restore the optimal running of the business. Such controls may include backing up an online system which can then be restored if a system crash were to happen. 4d) Directive controlDirective controls are aimed at achieving desirable outcomes and results for a business. Unlike preventive controls which only aim to prevent negative outcomes directive control focuses more specifically on promoting positive outcomes.
For example such controls may include training seminars to develop employees thereby empowering employees to be effective and ethical. This will in turn create a work environment where goals are easily achievable. 5) Risk AnalysisA risk analysis is considered a part of internal control.
A risk analysis identifies risks that a business could face in the future and the potential effects these risk may cause. A risk analysis is a tool which allows businesses to recognise threats which may inhibit the business from achieving its targets and goals. For example a business may perform a risk analysis on their operations and a potential problem may be that their online system could be susceptible to hackers. 6a) Trading stock and stationeryPreventative control 6b) Cash 6c) Tangible Assets 6d) Debtors