Maintaining Organizational Integrity with an Internal Controls Policy
Internal controls are the mechanisms and procedures used by an organization to ensure the integrity of financial and accounting information, promote accountability, and prevent waste, abuse and fraud. Besides complying with laws and regulations and preventing employees from stealing assets or committing fraud, internal controls help improve operational efficiency by improving the accuracy and timeliness of financial reporting.
The organization's board of directors must adopt an internal control policy that addresses the following:
- provides adequate directions for
- identifies expectations in
- establishing effective safety and soundness control over
- ensures accountability for, the organization's operations, programs, and resources
Internal controls are comprised of control activities such as authorization, documentation, reconciliation, security, and separation of duties. They are broadly divided into preventative and detective activities.
Preventive control activities aim to deter errors or fraud from happening and include thorough documentation and authorization practices. Separation of duties, a key part of this process, ensures that no single individual can authorize, record, and be in the custody of a financial transaction and the resulting asset. Authorization of invoices and verification of expenses are internal controls.
Detective controls are backup procedures designed to catch items or events that have been missed by the first line of defense. Here, the most important activities are reconciliation, external audits from accounting firms and internal audits of assets such as inventory.
A good Internal controls system must address:
- The efficiency and effectiveness of the organization's activities
- Safeguarding the assets of the organization
- Evaluating the reliability, completeness, and timely reporting of financial and management information
- Compliance with applicable laws, regulations, regulatory directives, and the policies of the organization's board of directors and senior management
- The appropriate segregation of duties among the organization personnel so that personnel are not assigned conflicting responsibilities, and
- The completeness and quality of information provided to the organization's board of directors who have a fiduciary responsibility to represent the best interests of the organization.
The organization is responsible for establishing and implementing an effective system to identify internal controls weaknesses and taking action to correct detected weaknesses. The organization must document:
- The process used to identify weaknesses,
- Any found weaknesses, and
- How identified weaknesses were addressed and corrected
Making sure there is a good internal controls policy as well as adequate segregation of duties among staff and the board of directors helps ensure that the organization is doing everything possible to prevent and detect any possible waste or fraudulent activities and protect the organization and the people they serve.
