Internal Control

Friend or Foe?

Definition of Internal Control.
Types and Examples of Internal Controls.
Factors to Consider on the Level of Control Needed.
Factors Influencing Effectiveness of Internal Control.

Definition of Internal Control

Internal control is "the whole system of checks and controls, financial or otherwise, established by management in order to provide reasonable assurance" regarding the achievement of one or more of the following objectives:

the reliability and integrity of information;
compliance with policies, plans, procedures, laws, regulations and contracts;
the safeguarding of assets;
the safeguarding of the Council's reputation;
the economical and efficient use of resources;
the accomplishment of established objectives and goals for operations or plans.

Internal control should therefore be your 'friend' as its purpose is to:

Protect the interests of the taxpayers in the borough.
Assist managers and councillors in the discharge of their responsibilities.
Protect all employees and members from fear of accusation or temptation.

The importance of internal control to the Council is demonstrated by its inclusion in its Financial Regulations. It is the responsibility of all employees and members to ensure that all controls established in the organisation are adhered to and adequate steps are taken to rectify any weaknesses identified.

Types and Examples of Internal Controls

There are generally 3 types of internal control recognised:

Directive - these controls cause or encourage a desirable event to occur.

Preventative - these controls deter undesirable events from occurring.

Detective - these controls detect and correct undesirable events that have occurred.

Here are some examples of each type of control:

Directive

Establishment of defined policies and procedures such as Financial Regulations and Contract Standing Orders.

Documentation of procedures to be followed.

Employee ICT induction.

Contingency arrangements for process failure.

Preventative

Segregation of duties so that no one is in control of the whole of a transaction.

Authorisation rights reflecting level of responsibility eg: authorising orders/invoices & signing cheques.

Physical security of valuables by use of safes, keys, and room access controls.

Access controls over electronic information and processing.

Setting and monitoring budgets.

Detective

Checking of exception reports.

Maintenance of records of stocks/assets followed by regular stock checks.

Reconciliation between records such as income taken and income banked.

Production and monitoring of management information.

Supervisor and management checks on transactions.

Factors to Consider on the Level of Control Needed

Internal control can sometimes be seen to be a 'foe' when it appears to be inappropriate in relation to the objectives it is trying to achieve. All controls have a cost and a time implication and therefore the following need to be considered when assessing the adequacy and relevance of controls in place:

The Nature of the Organisation - FBC is a guardian of public money and therefore cannot accept all the risks and losses that may be tolerated by a private sector company. Local Authorities are subject to an array of legislative requirements in relation to internal control which are subject to external audit.

Likelihood and Impact of Perceived Risk - Controls are introduced to manage risk effectively. Therefore, the cost of the control should not outweigh the perceived risk. When Audit Say Risk - What do we mean? provides you with further details on risk.

Practically and Cost of Control - Controls can only give 'reasonable assurance' and are introduced to assist a number of objectives for the system. Therefore, internal controls set up must be balanced against achievement of the service objectives.

Compensation Controls in Place - In some cases detective compensating controls such as exception report checks can reduce the need for fool-proof preventative controls such as full segregation of duties. However, any increased reliance on just one control means that implementation of that control needs to be more thorough and robust.

Factors Influencing Effectiveness of Internal Controls

As discussed above, internal control is only designed to give 'reasonable assurance' on the achievement of objectives without becoming too overwhelming or cost ineffective. Even when controls are working effectively problems can still occur particularly due to human error, collusion or high level corruption.

However, to maximise the effectiveness of internal control to minimise the risks of problems the following are needed:

Clearly defined responsibility and purpose for established controls
Timeliness when carrying out control so that problems identified can be tackled
Monitoring of robustness of controls in practice (and level of errors occurring)
Adequate actions taken on breaches of controls, or problems and errors found as the result of a control
Clear information on consequences of breach in control

The Internal Audit team are specialists in internal control and part of their role is to test the effectiveness of the controls in the Council's systems. They are always available for advice and help Who, What, Where?

Back to Internal Audit Home Page

How to get here

Fareham Borough Council, Civic Offices, Civic Way, Hampshire, PO16 7AZ

Tel: +44 (0)1329 236100 | Mobile Text/Photo: 07876 131415 | Fax: +44 (0)1329 821770

Privacy Statement | Disclaimer | Technical | Copyright | Top of Page