Written by Isaac Gblee
Internal control is often said to be a set of procedures or measures put in place within an organization to prevent fraud, misuse and abuse of an organization resources.
According to the COSO 2013 framework, internal controls have five integrated components namely; control environment, risk assessment, control activities, information and communication and monitoring activities.
COSO 2013 framework further indicates that there are seventeen principles with in these five integrated components namely;
- Demonstration of commitment to integrity and ethical values,
- Exercising oversight responsibility,
- Establishing structure, authority, and responsibility,
- Demonstration of commitment to competence,
- Enforcing accountability,
- Specifying suitable objectives,
- Identifying and analyzing risk,
- Assessment of fraud risk
- Identifying and analyzing significant change,
- Selection and development of control activities,
- Selection and development of general controls over technology,
- Deploying control activities through policies and procedures,
- Use of relevant information,
- Communicating internally,
- Communicating externally,
- conduct of ongoing and/or separate evaluation
- evaluating and communicating deficiencies.
It is a popular view that when adequate controls are in place in an organization, it reduces or minimizes the risk of fraud or theft. Organizations will have to maintain robust and effective controls in order to prevent fraud.
However, what is mostly forgotten is that all the different processes and functions within an organization are managed by humans thus susceptible to mistake or deliberate intentions to commit fraud. Internal control therefore has its own limitations. Dishonest employees will always find weaknesses in the control procedures to circumvent the organization policies and commit fraud.
In as much as robust and effective internal controls will prevent fraud, misuse and abuse of an organization resources, it is important to note that honest staff with high integrity are required to safeguard organization resources as humans manage the processes.
Dishonest staff handling the various processes in the organization could collude and circumvent the controls to commit fraud. This is why in additional to all the rigorous control put in place, there is a need to recruit very honest staff with integrity to manage the various processes and functions within an organization.