Hotline: (+84) 949 594 116
Tel: (+84-24) 73033699
Live support
Hotline: (+84) 949 594 116
Tel: (+84-24) 73033699
Blog

Blog

What is internal control? Steps to build internal control process

admin January 12, 2023

Internal control plays an important role in helping businesses control risks, improve business efficiency and orient the business to the right goals. So what is this activity and what role does it play in the business? How to build this control process?

Popular Post

What is internal control?

Internal control is the activity of establishing and organizing a certain work cycle within an enterprise in order to improve business efficiency and reduce risks and avoid unexpected losses.

The first internal control activities appeared at the end of the 19th century with the advent of auditing firms. Along with economic development, which requires stricter management, audit standards were born, leading to the development of internal control activities.

The United States National Council (COSO 2013) has defined internal control against fraud in the preparation of financial statements as a process governed by the board of directors, managers, and employees of the entity. dominant. These controls are designed to provide reasonable assurance regarding performance, compliance and reporting objectives. Specifically, the three objectives of internal control are as follows:

- Operational objectives: expressed through effective operation as well as making good use of internal resources (financial, human, and material resources).

- Reporting objective: including financial statements and non-financial reports for outsiders and inside the company to ensure honesty, science and reliability.

- Compliance goals: comply with the law and comply with company regulations.

The role of internal control

Stemming from the fact that many businesses still manage loosely or in a family style, pushing responsibility for control to subordinates leads to loss and inefficiencies. The appearance of internal control helps to establish an objective monitoring and control mechanism, thereby bringing many benefits such as:

- Limit errors and risks in production and business

- Ensure product quality, production plan, right price

- Accurately recorded financial and accounting data

- Protect assets, reduce damage, loss, fraud

- Optimizing enterprise resources

- Build trust and credibility

- Protect the interests of investors, shareholders as well as business owners and employees

- Increase management efficiency, improve production and business efficiency

With the above important role, today, internal control is not only applied in auditing - accounting but also applied to many non-financial activities and processes in the business related to finance such as purchase, control information…

5 parts of internal control

The components of internal control include: control environment, risk assessment, control activities, communication and monitoring.

What is internal control? Steps to build internal control process

Control environment

Control environment is a working environment where all members of the enterprise support and comply with the regulations and procedures of the internal control system. In it, members at different levels carry out responsibilities and make decisions. Specifically, you need the following 6 principles to build a control environment:

- Commitment and honesty, ensuring ethical values in corporate culture, from management to employees. This commitment can be reflected in regulations, ethical standards, manners, and communication in the business.

- The management level, the board of directors (BOD) needs to demonstrate independence when implementing and monitoring the development and operation of the internal control system.

- Establish a structure of the reporting process, and clearly delineate authority levels to achieve goals

- Demonstrate a commitment to employing qualified personnel through recruiting, retaining and developing appropriate human resources.

- Individual personnel are responsible for reporting as required, meeting the goals of the organization. Establish methods for evaluation as well as reward and discipline methods depending on the level of goal completion.

- Establish a method for performance evaluation

Risk assessment

Risk assessment is the process of identifying, analyzing and predicting possible risks, thereby helping enterprises manage these risks and improve business efficiency.

The principles to help manage risks in the internal control system include:

Set clear and complete goals to identify and assess risks that may arise in the process of achieving goals. Specifically, goals are established through a general policy or guideline and are consistent with the overall strategy of the business. Management orients and directs subordinates to recognize the consequences of risks.

Identify and assess risks in achieving goals, conduct analysis to find out how to manage risks according to each risk level and content

+ Operational risks: failure to achieve goals as committed to assets and other resources, loss of or damage to the use process.

+ Risk of compliance: violating the law (Vietnamese law, international law) or violating the regulations of the enterprise.

+ Reporting risks: financial statements, non-financial reports or internal reports are inaccurate.

In terms of influence, there are:

+ Enterprise-wide risk

+ Risks at the division level

The source of risks can come from inside or outside the business.

+ External factors: economic environment (prices, capital costs, competitors, unemployment rate...), natural environment (natural disasters, immigration...), political factors, social factors The development of science and technology…

+ Internal factors: personnel, processes, infrastructure, equipment...

The entity needs to assess potential frauds (report fraud, misappropriation of assets, non-compliance, bribery, system control, etc.)

Evaluate changes in the environment that may affect the internal control system.

Prepare contingency measures when risks occur to minimize damage.

Set goals so that subordinates have a basis to perform their jobs in accordance with regulations.

Control operation

Control activities include policies or procedures to ensure that regulations and directives are implemented at all levels and activities. Control activities can be through: authorization, reconciliation, assignment of tasks, verification...

According to COSO 2013, control activities have the following principles:

Select and develop control activities that contribute to limiting risks and achieving goals within limits. Depending on the goal, depending on the process, depending on the characteristics of each part, there is control or compliance or automatic, preventive or detection control.

+ Preventive control: control activities to prevent and minimize the possibility of errors and frauds, affecting the achievement of the objectives of the entity.

+ Detective control: control activities to detect frauds and errors that have been performed in a timely manner.

Choosing to develop joint control activities with modern technology to achieve the following goals: ensuring accuracy and reliability when processing, providing information to managers, backing up and recovering data if there is an accident threats, avoiding unauthorized access and threats from outside the enterprise.

Organizations implement control activities through policies and implement policies into specific actions.

What is internal control? Steps to build internal control process

Information and communication

Communication is the exchange and communication of necessary information within the enterprise and also to the outside. There are three types of information in the internal control system:

+ Financial information

+ Operational information

+ Compliance information

The principles of information communication in the internal control system include:

- Collect and communicate useful information to support other departments.

- Communicate necessary information, including objectives and responsibilities, to support the control function. Enterprises/units need to set up many information channels such as hotlines, websites, emails, etc. to receive information and warn about unusual events that may cause risks.

- The information system responds quickly, accurately, to many people.

- Install a secure security system to avoid losing important data.

- Communicate to external parties such as customers, suppliers, investors, etc., and collect suggestions and feedback to improve the control system more effectively.

Monitor

This is the process of evaluating the quality of the system, thereby improving the control process more professionally and effectively. The principles of supervision include:

Selecting, implementing, performing continuous or periodic reviews to ensure that parts of control are still operating (through internal audits, periodic reviews, periodic audits, etc.)

Evaluate and notify the limitations and weaknesses of the internal control system in a timely manner to responsible subjects and management levels for remedial action.

The unit/enterprise can build an internal control process according to the following steps.

Step 1: Determine the direction and possible risks

You can rely on the operating process of the department or the business to determine the direction and analyze the possible risks. The risks include:

- Financial risk

- Strategic risk

- Operational risks

From there, you evaluate the impact of each type of risk on the business/unit or department.

Step 2: Modeling, analyzing

After defining the workflow and identifying the risks, you can model the system as well as the position of each level of personnel in this system. From there, clear regulations and control regulations are built at each level.

Step 3: Compare management rules/standards

After the regulations and regulations in control are established, you compare them with the established management rules (under the control environment) to assess the conformity with the management rules of the enterprise.

Regulations, rules that are inappropriate or contrary to the rules of the enterprise need to be removed or adjusted.

Step 4: Form the process, guide how to do it and communicate

After completing the above steps, you give instructions for implementing the internal control process and communicate to employees and departments to follow.

Step 5: Test, evaluate and adjust

It will be difficult to have a perfect internal control process in the first place. However, you can test on a departmental scale to assess fit and then gradually scale up to the entire organization/business.

Replies to This Discussion