The organization communicates with the outside parties concerning the matters which affect the roles of the internal controls.

Control objectives

13. The organization normally selects and then improves the control activities which contribute to the modification of the risks to the accomplishment of the objectives to the satisfactory levels.
14. The organization chooses and improves the overall control activities over the technology in order to support the accomplishment of objectives.
The challenges may emanate from poor judgement in decision-making, human error, management's ability to override controls, collusion to circumvent control, and consideration of costs and benefits relative to internal control. No system of controls can be an absolute guarantee against the risk of wrongdoing or honest error. Any system that attempted to reach that goal, especially in a complex organization, would impose costs far out of proportion to the risks and create rigidities for the organization. Thus the proper goal of the control system should be to provide reasonable assurance that improprieties will not occur or that if they occur, they will be revealed and will be reported to the appropriate authorities (Pridgen et al.
The Institute of Chartered Accountants of England and Wales, as cited by Kumar and Sharma (2005), defines the internal control system broadly. According to it, the “internal control system is the whole system of controls, financial or otherwise, established by the management in order to carry on the business of the enterprise in orderly and efficient manner, ensure adherence to management policies, safeguard assets and secure as far as possible the completeness and accuracy of records”. It comprises five components, as mentioned above: the control environment, the entity’s risk assessment process, the information system, the related business processes relevant to financial reporting and communication, control activities and monitoring of controls.
Report) in the United Kingdom, were established to investigate the reasons behind the large number of business failures, frauds, and audit failures. This effort has been followed by the introduction of the definition of internal control by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 1992, 2013 as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance”. The Canadian Institute of Chartered Accountants (CICA) introduced its definition of internal control as “procedures, processes, and methods implemented by management to ensure the company's efficiency
2.9 Limitations of Internal Control: An organizational system of internal control is designed to provide reasonable assurance that assets are adequately safeguarded and that the accounting records are reliable. Internal control can do much to protect against both errors and irregularities, and it also ensures that accounting data is consistent. It is vital to recognize the existence of inherent limitations in any internal control structure. Mistakes may occur in the performance of internal control policies and procedures as a result of misunderstanding of instructions, errors in judgment, carelessness, distractions, or fatigue. The size of the organization may impose limitations on internal control.
2.5 When A System Of Internal Control Is Believed To Be Effective: Both applied internal control systems like the COSO framework and laws governing the issue of internal control systems, namely the Sarbanes-Oxley Act (SOX), are interested in expressing a professional opinion with respect to the effectiveness of internal control systems. On one side, the COSO framework considers the board of directors and the judgment practiced by the board of directors and top management within the boundaries established by laws, rules, regulations, and standards as the main factor affecting the design, implementation, and the assessment of the effectiveness of internal control systems. However, this practiced judgment is exhibited in the form of obtaining reasonable assurance relative to the application of such internal control system within the entity structure in a manner that its operations are functioning effectively and efficiently when external events are either considered likely or unlikely to have
They include:
• Understanding the concepts
• Balancing risk and reward
• Using risk appetite and tolerance for more than finance
• Leveraging positive aspects of risk taking
• Evolving risk appetite and tolerance over time
• Communicating risk appetite and tolerance

An organization's risk appetite can be seen as linked to the returns the organization expects from the transaction and can be expressed quantitatively or qualitatively. Some organizations use broad categories, such as high, medium and low, to describe their risk appetite; other organizations base their risk appetite on a calculation of the level of earnings or value of risk. During risk evaluation an understanding of risk appetite is required. Residual risk ratings are compared with the risk appetite to determine if the risk requires treatment. Risk appetite has been defined as ‘the level of risk that an organization is willing to accept’1, ‘the amount of risk an entity is willing to accept in pursuit of value’2, or ‘The amount of risk which is judged to be tolerable and justifiable’.
A control plan is basically the written description of the system which can be used for controlling processes and parts. A single control plan is applicable to a family or group of products that have the same process for production and are produced at the same
Fatemi and Fooladi (2006) note that effective risk management leads to a more balanced trade-off between risk and reward, to realize a better position in the future. Bobakovia (2003) notes that the profitability of a firm depends on its ability to foresee, monitor and avoid risks, and on the possibility of provisions to cover losses brought about by risk that arises. Shafiq and Nasr (2010) note that an institution need not do business in a manner that unnecessarily imposes risk upon it, and should avoid risk that can be efficiently transferred to other participants. Rather, it should only manage risks that are more efficiently managed at the firm level and shun those that can be managed by the market itself or by their owners in their own portfolios. In short, only those risks that are uniquely part of the firm's array of services should be accepted.
In the same way that managers are primarily responsible for identifying the financial and compliance risks for their operations, they also have line responsibility for designing, implementing and monitoring their internal control system (Alvin & Loebbecke, 1997). These activities include authorization and approval, arithmetical and accounting controls, segregation of duties, chart of accounts, system manuals, physical controls and independent checks (Andreasen and Kotler, 2008). Controls can be either preventive or detective. The intent of these controls is different. Preventive controls attempt to deter or prevent undesirable events from occurring.