Internal Control System: Definition, Components, Features

Internal Control SystemInternal controls system includes a set of rules, policies, and procedures an organization implements to provide direction, increase efficiency and strengthen adherence to policies.

These are important for achieving the business objective. 5 components of an internal control system are linked to the organization.

What is Internal Control System?

The internal control structure of a company consists of the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved.

In small business organizations, generally, the owner-manager controls the total activities of his business by his personal supervision and direct participation.

For example;

The owner generally purchases required business materials and other properties.

He himself gives the appointment of employees, completes the contract with them through discussion, and keeps constant watch over their activities.

He signs cheques for payments in different heads.

Since he signs all the cheques, he can easily understand what commodities, assets, and services he is signing for.

But with the expansion of business, the appointment of additional employees and officers is needed, and the scope of business also widens.

Under such conditions, it becomes almost impossible on the part of the manager to perform all the activities of the business alone for which he is to delegate authority. So his overall control tends to decrease.

In such circumstances, the introduction of internal control becomes essential.

The internal control system differs from one business organization to another depending on the nature and size of the business.

To achieve the objective of a business, proper execution of business activities in the light of prevailing laws and socio-economic conditions of the country is called an internal control system or structure.

The internal control system is introduced to avoid errors and frauds and for systematic control of business activities.

American Institute of Certified Public Accountants (AlCPA) says; the plan of organization and all of the coordinate methods and measures adopted within a business safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency and encourage adherence to preserved managerial policies.

Three elements of the internal control system are:

  1. Environment control: The attitude, alertness, and work-zeal of directors, managers, and shareholders are reflected through environmental control.
  2. Accounting system: Accounting system means some procedures and recordings with which identification of business transactions, classification, summarization, statement preparation, and analysis for timely presentation of correct information are performed.
  3. Control procedure: The additional policies and procedures adopted by the business authority for ensuring the achievement of the specific goal of a business organization are the controlling procedures.

These control procedures are:

  • Proper delegation of power,
  • Segregation of responsibility,
  • Preparation and use of documents,
  • Adoption of adequate security measures to protect the properties, and
  • Independent control over the execution of activities.

An internal control system not only prevent fraud forgery but also fulfills other objects:

  1. The business organization implements its policies complying with the prevailing laws of the country.
  2. Employees and officers discharge their assigned responsibilities to increase efficiency in the execution of work.
  3. Financial statements provide correct and reliable information maintaining proper accounts.

In light of the above discussion, it can be briefly stated that the overall policies and plans adopted by the management for the proper execution of business activities are called the internal control system.

5 Components of Internal Control System

  1. Controlling the environment

    The control environment is the basis of other elements of all other components of the internal control system. Moral values, managerial skills, employee honesty, managerial direction, etc., are included in the controlling environment.

  2. Risk assessment

    After setting up the objective of the business, external and internal risks are to be assessed. The management determines risk-controlling means after examining the risks related to every objective.

  3. Control activities

    The management establishes a controlling activities system to prevent risk associated with every objective. These controlling activities include all those measures that are to be followed by the employees.

  4. Information and communication

    Relevant information for making decision are to be collected and reported in proper time. The events that yield data may originate from internal or external sources.

    Communication is very important for achieving management goals. The employees are to realize what is expected of them and how their responsibilities are related to the activities of others. Communication of the owners with outside parties’ like’s suppliers is also very important.

  5. Monitoring

    When the internal control system is in practice, the organization monitors its effectiveness to bring necessary changes if any serious problem arises.

Responsibility for Internal Control System

It is the general responsibility of all employees, officers, management of a company to follow the internal control system.

The under-mentioned three parties have definite roles in making the internal control system effective:

  1. Management

    The establishment and maintenance of an effective internal control structure mainly depend on the management. Through leadership and example or meeting, the management demonstrates ethical behavior and integrity of character within the business.

  2. Board of directors

    The board of directors possessing a sound working knowledge gives directives to the management so that dishonest managers cannot ignore some control procedures. The board of directors stops this sort of unfair activity. Sometimes the efficient board of directors having access to the internal audit system can discover fraud and forgery.

  3. Auditors

    The auditors evaluate the effectiveness of the internal control structure of a business organization and determine whether the business policies and activities are followed properly. The communication network helps an effective internal control structure in execution. And all officers and employees are part of this communication network.

3 Objectives of Internal Control System

Internal controls system includes a set of rules, policies, and procedures an organization implements to provide direction, increase efficiency and strengthen adherence to policies.

3 objectives of internal control are;

  1. financial reports are reliable,
  2. effective and efficient operations, and
  3. activities comply with applicable laws and regulations.

Characteristics of a Proper Internal Control System

An effective internal control system includes organizational planning of a business and adopts all work-system and process to fulfill the following targets:

  1. Safeguarding business assets from stealing and wastage.
  2. Ensuring compliance with business policies and the law of the land.
  3. Evaluating functions of each employee and officer to increase efficiency in operation.
  4. Ensuring true and reliable operating data and financial statements.

It is to be kept in mind, a business organization, be it’s small or large, can enjoy the benefits of adopting an internal control system.

Prevention of stealing-plundering and wastage of assets is a part of the internal control system.

Protection of assets

A business organization protects its assets in the following ways:

  1. Segregating the duties of the employees

    Segregation of the duties of the employees means that each employee is assigned specific tasks. The person in charge of assets is not allowed to maintain accounts of the assets.

    Some other person maintains the accounts of these assets. Since different employees perform the same nature of transactions, the work of each is automatically checked. Segregation of the duties of the employees of an organization reduces the possibility of stealing assets, and if stolen, detection becomes easier.

    For example, there is no scope for stealing cash by a cash-receiving employee where cash receipts accounts.

  2. Assigning specific duties to each employee

    The employee assigned with a specific duty is held responsible for his assigned activities. If and when any problem arises, the manager can immediately identify the person concerned and hold him liable.

    Lost documents can easily be detected if the task of maintaining records is assigned to a particular employee, and it becomes possible to know the recording process of transactions.

    An employee assigned a particular job can easily provide necessary information regarding that job. Moreover, an employee feels proud if he is assigned a particular job and tries to complete the job using the best of his skill.

  3. Rotating job assignments of the employees

    Some organizations rotate job assignments of employees at intervals to avoid fraud-forgery by the employees concerned.

    Under this policy, the employee concerned can easily understand that on the placement of somebody else in his place, his dishonesty will be detected if it is done. This ensures the honesty of an employee.

  4. Using mechanical devices

    Business concerns adopt various mechanical devices to avoid stealing, destruction, and wastage of assets. Under the mechanical system, cash register, cheque-protectors, time-clock, mechanical-counters, etc. are used as control methods.

    Since a cash register contains locking tape, each cash sale is recorded here.

    The cheque amount is written on the cheque-protector machine to avoid any alteration. The arrival and departure of employees are recorded properly with the help of a time- clock.

Compliance with organization policies and laws of the country

Internal control becomes effective only when compliance with organization policies and laws of the country is ensured.

To make an internal control system effective and ensured, efficient and trustworthy employees are required to be appointed.

Effective starting of the internal control system depends on time and labor spent on the recruitment of employees.

There should be a training program for the newly appointed employees and policies of the business concerns are to be communicated to them properly.

For example,

Every cash disbursement must have prior approval of the higher authority.

Daily written job specification makes employees responsible for anti dutiful. ‘Employees duties and execution of policies are to be well-defined to them during the primary training period.

In the case of the joint-stock company, the internal control system is to be framed complying with the country’s law.

Evaluation of performance

The proper controlling system should have provisions for supervision and evaluation of assigned duties of the employees. The absence of an evaluation and supervision system hampers the objectives of a business organization to a great extent.

Many business organizations engage internal auditors to evaluate and supervise the work of the employees.

The functions of internal auditors are to evaluate and supervise the extent of policies and methods of the organization followed by the employees.

The accuracy of accounting records

A business organization should maintain a complete and correct accounting record.

For ensuring proper maintenance of accounts, efficient and honest personnel are to be appointed and trained.

The performance of the employees is evaluated at intervals. By the supervisors to ensure that the employees follow the policies of the business.

An inaccurate or incomplete accounting record prompts the dishonest employees to steal because they can easily subside the act of stealing.

Transactions accounted for are the documentary evidence of business.

This documentary evidence is an integral part of internal control systems.

These documents are to be arranged serially for convenient control. Since these primary documents are the documentary evidence of transactions of a business, the validity of these documents is to be checked from time to time.

For example,

The documents used for recording transactions of accounts are examined for the re-audit purpose of the merchandise inventory of a business organization.

While maintaining accounts of transactions, the accountant is to preserve the following four documents:

  1. Purchase requisition: The order placed by the department’s officers concerned to the purchasing department for purchasing a certain quantity of goods is called purchase requisition.
  2. Purchase order: Before purchase, the buyer sends a written order to the seller requesting him to send particular goods. This written order is called a purchase order.
  3. Invoice/Chalan: The seller sends an invoice with the sold goods to the buyer wherein the descriptions, quantity, rates of the goods are mentioned.
  4. Receiving report: It is a purchase document prepared by an officer of the purchasing department. It is treated as documentary evidence of the goods received.

The flow of documentary evidence of business transactions and commodities is shown below by a diagram:


  1. Requisition department sends a purchase requisition to the purchasing department.
  2. The purchasing department sends a purchase order to the supplier, with copies going to the receiving and accounting departments.
  3. The supplier sends goods to the receiving department, where goods received are checked against the purchase order and send an invoice to the accounting department.
  4. The receiving department sends goods to the requesting department and sends receiving a report to the accounting department.
  5. The accounting department checks to receive reports against the purchase order and invoice and sends a cheque for payment of invoice to the supplier.

The price of purchased goods is paid on the basis of these four documents, and these are compared with accounting records.

A business concern fails to make payment of a legitimate invoice without these documents, or it might have to make payment of the fictitious invoice or more than one invoice.

A business concern effectively completes its internal control system by comparing sources and documents with accounting records of those transactions.

Unfortunately, a business concerned about adopting its internal control system cannot avoid theft altogether.

A dishonest employee always tries to misappropriate whatever effective control systems exist as in a business concern.

Therefore, a business concern has to make an arrangement of casualty insurance on its assets. Under this system, loss of non-cash assets is reimbursed.


A business concern may arrange fidelity bonds between employees handling cash and other negotiable instruments. Under this system, a business concern will get reimbursement of money lost or theft.

Under these two systems, i.e., casualty insurance on assets and fidelity bonds on employees, a business concern can recover at least a portion of any loss caused due to stealing, misappropriation, etc.