Thursday, August 5, 2010

Limitations of Internal Control

• Cost versus budget - The cost of an implemented control should not exceed its anticipated benefit. In circumstances where management has assessed the risk of loss and has decided to “accept” the risk as insignificant, this could lead to an absence of controls in areas where they could have prevented fraud.

• Routine versus non-routine transactions - Most controls are directed at routine rather than non-routine transaction processes, for example a business where thousands of sales transactions occur daily, such transactions are likely to be tightly controlled, with specific approval, processing, and monitoring controls in place. On the other hand, infrequent transactions such as the purchase of fixed assets for high values, usually formally approved by directors’ minutes may not have formalized procedures in place to identify, capture, and communicate the transactions. As a result, the completeness and measurement or accuracy of the recorded transactions may be in doubt.

• Human error - This relates to the potential for human error due to carelessness, distractions, poor judgment, and the misunderstanding of instructions. Temporary or permanent changes in personnel, systems, or procedures may contribute to human errors.

• Collusion - This refers to the possibility that a member of management or an employee colludes with parties inside or outside the organization to circumvent internal controls. An example of internal collusion is collusion between a staff member in human resources and a staff member dealing with funds transfers: The human resources staff member adds fictitious employees and/or additional employee back accounts onto the standing data files of the payroll, and the other staff member then authorizes the electronic fund transfers to these fictitious bank accounts.


• Management override - This revolves around the possibility that a person responsible for exercising a control could abuse that responsibility, for example, when a member of management overrides a control. Management override may be associated with aggressive earning policies, personal expenses processed through the business, the improper authorization of transactions, and deliberately misleading representations to secure financial benefits. These actions may be associated with deliberate attempts by management to mislead the auditors.

• Changes in conditions - This relates to the possibility that procedures may become inadequate owing to changes in conditions, and that compliance with control procedures may deteriorate. Examples are changes in the IT environment, and changes in the entity owing to large acquisitions, reorganizations, the development of new products or services operations in regions that are economically unstable, the application of new accounting standards, off-balance sheet finance, etc.

No comments:

Post a Comment