Internal Controls in Accounting - CoCo Model - Case Study Example

Introduction The nature of the environment in which most of the organisations are conducting their business is continuing to change dramatically. Technological advances, economic factors and an increasing rate of global competition are some of the examples causing these changes. With every new development, management faces more challenges to manage liquidity, control costs and for achievement of a competitive advantage. These upcoming challenges have increased the concern of the directors and managers in the organisations to seek for evaluation of the operating performance. In addition, as a result of current increase in failures in high profile business, corporate fraud allegations, and restatement of financial statements there has been observed a congressional and public attention through the applicability of internal control in the organisations over the financial reporting. This has led to various provisions for protection of investors through reliability and accuracy improvements in the corporate disclosures (Bailey et al. 1985). Internal control is referred to as the process which is designed with purpose of ensuring that there is reliable reporting in finance, the operations are effective and efficient and also there is compliance with laws and regulations that are applicable. Internal control also involves safeguarding of the assets against acquisition, theft, unauthorised use and disposal. Internal control of accounts consists of an organisational plan and records and procedures that are concerned with assets safeguarding and the reliability of the records in finance. The major goals for internal controls in accounting include assets safeguarding against any loss that arise from both intentional and unintentional errors involved in the processing of transactions and handling of the assets that are related and also maintaining the financial records’ reliability for the purposes of external reporting. An internal control system of accounting is said to be satisfactory if it contains an organisational plan which provides a functional responsibilities’ segregation that is appropriate and a system consisting of record procedures and authorization that is sufficient to provide an accounting control that is reasonable over liabilities, assets, expenses and revenues (Hall 2008). A system for internal control may also incorporate some elements which are beyond activities of finance and accounting. These include standard costs, budgetary control, statistical analyses, operating costs that are said to be periodic and dissemination of the following; a program designed for training meant for aiding the personnel in accomplishing their responsibilities and staff internal audit meant for providing additional managerial assurance for the efficiency of the outlined procedures and also the degree to which these procedures are carried out effectively (Ashton 1974). Although there are various models used for internal control, the two primary models used for internal accounting control are committee of sponsoring organisations (COSO) and criteria of control (CoCo) (Haskins et al. 1987). The literature review focuses on the purpose of internal controls in accounting. It examines the history of accounting control, the control process, and the two primary models of internal controls. History of internal accounting control Internal control was first defined in 1949 by the American institute of accountants. Further clarifications on internal accounting control followed in 1958 and 1972. In 1977, the companies that were owned by public were incorporated in the legislation for effective implementation of control in order to protect the company’s information on finance (Brown 1995). The recent documents which explain internal controls are the 1992 COSO report and the 2002 Sarbanes-Oxley Act. Internal control assist the organisations in presentation of financial reports which can be relied upon, to conform to the laws and regulations and to foster operations which are effective and efficient. The design of internal control is to make sure that no one in the organisation may try to use information on personal grounds. It also restrains any individual with an intention misuse the organisation funds or steal the inventory. This can lead to reduced profit due to increasing in operation cost (Lauren 2011). The control process There control process undergoes three steps namely prevention, detection and correction. The preventive control is developed to prevent the irregularities or errors from happening in the organisation’s financial reports. These controls are usually developed to deter any problem long before it arises, they are used for monitoring of both inputs and operations, they attempt to predict any potential problem before these problems happen and at the end they make adjustments. The controls for prevention are designed to take immediate corrective action if the forecasts will indicate any deficiency. Some of the preventive controls include hiring of the personnel with sufficient qualification, segregation of duties, controlling of access to any physical facility in the organisation, using of documents that are well designed to prevent errors, and establishment of procedures that are suitable for transaction s authorisation. Other examples of preventive controls are a system of budgeting cash which will monitor the cash flows and also forecast the future cash flows, a control system for inventory which will predict items that are out of stock and a system for credit authorization which will check the worthiness of the credit before shipment of goods (Brauchli et al. 1995). The detective controls are developed to look for irregularities and errors in the organisation’s records and books. These controls are designed to discover the problems of control soon after they have occurred and they also measure some features of the processes and then adjust these processes in case that measure show some deviation from the organisational plan. Some examples of the controls include duplication of calculation checks, reporting of periodic performance with variances, reporting the past due accounts, reconciling receivables, reporting inventory items that are out of stock, standard costing, bank reconciliations, verification of the proper use of the documents that are pre-numbered such as checking for the numbers of missing documents. Other examples of controls for detection include periodic review of credit history, drawing of a trial balance on monthly basis and internal audit functions (Colbert & Bowen 1996). Controls for correction are designed for correction of irregularities or errors which have been detected in the financial operations of the organisation. Corrective controls involve the procedures that are developed to solve problems that are discovered by the controls for detection, the steps which are taken for the purpose of identifying the cause of a problem. It also involves the steps which are put in place for correction of errors that arise out of the problem and those steps that are taken in order to modify the system processing to reduce any future occurrence of the problem in an organisation. An example is a report that shows unusual elevated numbers of the stock-outs. Through the investigation it may be revealed that the suppler is shipping the orders as fast as it was in the past. The solution to this problem would be to change suppliers or to earlier placement of orders (Bailey et al. 1985). Models for internal control COSO model Most of the organisations throughout the world have adopted the concepts of internal control which was presented in the report of COSO model published in 1992. This report visualises internal control as a process which is made into effect by entity’s management, director’s board and other personnel and it is designed to give a reasonable assurance about the achievement of organisational objectives categorised as efficiency and effectiveness of operations, reliability of the reporting on finance, and compliance the laws and regulation that are applicable. COSO defines internal control into five essential components that are interrelated. These essential components include risk assessment, monitoring, control environment, information and communication, and control activities (American Bar Association 1992). The control environment is determined by the style of management and upper level managers’ expectations in particular their policies employed for control. A control environment that is effective will make sure that the established procedures and policies are followed. It consists of an independent oversight which is provided by board of directors or in case of companies that are publicly held, it is provided by an audit committee. It also includes the ethical values, integrity and philosophy of the management, an organisational structure which is defined with trustworthy and competent employees and assignment of responsibility and authority. The control activities are referred to as specific procedures and policies used by the management for the achievement of its objectives and are performed in a timely manner in order to reduce and manage the risks. The most essential ones include segregation of duties, adequate records and documents, proper authorization of activities and transaction, physical control over the records and assets and checks which are independent in the performance (Brauchli et al. 1995). Risk assessment involves determination of the goals and objectives where at the highest level, they should be presented in a plan that includes the statement of the mission and strategic initiatives that are defined broadly. It also involves identification of risks after the goals are determined and the analysis of risks for prioritisation of the risks identified (Hall 2008). Information and communication are very essential as they affect the control. Information on the plans of the organisation, risks, control environment, performance and control activities must be communicated across, up and down in an organisation (Brauchli et al. 1995). Monitoring is referred to as the internal control of the organizational performance over time. Monitoring is achieved through monitoring activities that are ongoing and through separate internal control evaluations which include peer reviews, internal audits and self- assessments. The aim of monitoring is determination of whether there is an efficient design, effective and proper execution of the internal control (Lieberman et al. 1975). CoCo model Most of the organisations found it complicated to read and understand the COSO report. The CoCo report from Canadian institute of charted accountants (CICA) that was issued in 1995 was found to solve the difficulties from the COSO report. The CoCo model describes the internal accounting control as actions which are employed in order to promote the best results within an organisation. These actions assist in achieving the objectives of the organisation and they centre around; effectiveness of operations, both external and internal reporting reliability, and conformity with internal policies, laws and regulations which are applicable. The model describes control as the one comprising the elements within an organisation which include its resources, processes, customs, systems tasks and structures that when taken together, they support personnel in the achievement of the objectives of an organisation (Hall 2008). This model recognises four internal control elements which are interrelated. These elements include learning and monitoring, capability, purpose and commitment. Any organisation that performs a task is usually guided by the understanding of the purpose of performing this task which is the objective that needs to be achieved and also the organisation is supported by capability which is the resources, information, supplies, and skills. In order to accomplish the task successfully over time, every organisation is required to have a sense of commitment. The organisation must also monitor the performance of the task in order to improve the task process. The above elements used for control consist of twenty control criteria that are specific and are regarded as the steps which an organisation takes for the purpose of promoting the right action (Leitch 2008). According to the COSO model internal controls are very essential in any organisation and the management is required to evaluate the internal controls in each year and in addition financial auditors should monitor the process for effectiveness and efficiency of the internal controls. However, the role of an accounts profession in the process of internal control is the protection of the public from the information that is said to be misleading and false by requiring the corporations that are owned by the public to disclose financial information and any other information in a way that will accurately show the corporate activities’ results. This is achieved through application of the models of internal accounting controls which tend to depict similarity in their application (Roth 1997). Even if the specific definitions of the internal control for the two models tend to differ, there are various concepts that are very similar in these models. The emphasis of these models is that the internal accounting control is not based only on the procedures and policies that assist organisations to achieve their objectives but it is also a system or a process which is affected by the people. In the two models, people are seen as central part for an effective internal accounting control (Hall, Colbert & Bowen 2008, 1996). The models also place emphasis on the reasonable assurance concept in its relation to the internal control. Also, the internal accounting control does not necessarily guarantee that an organisation will achieve its objectives but it provides an assurance of meeting the objectives set in an organisation. The effectiveness and efficiency of the internal controls entirely depend on the competency and dependability of the people within the organisation (Leitch, Roth 2008, 1997). However, the policies and rules in management which refers to the behaviour of the employee will give a reasonable assurance that there is achievement of the control objectives through proper authorization, segregation of duties, adequate record and documentation, and independent checks on the performance. Proper authorization will lead to empowerment of the employees to perform various tasks and make decisions which will impact the assets, and it will ensure that the authorization code and the signature are involved (Moeller, American Bar Association 2008, 1992). Segregation of duties will ensure that there is no any single individual that takes a lot of responsibilities and also there is no employee that will be in a condition of both perpetrating and concealing irregularities. It will also ensure that the general category functions which include authorization, recording and custody of assets are separated from one another. However if segregation of duties will not occur; responsibility in both recording receivable accounts and custody will lead to diversifying some cash receipts and falsifying the accounts in order to conceal the diversion. If there is authorization of the write-offs account and cash receipts custody, it will lead to authorization of false write-offs and the diversion subsequent account collection. If there is authorization of issuing of the purchasing order to vendors that are specific and also a responsibility for inventory receipts recording, one can issue a purchase order to a vendor that is fictitious and then prepare a receipt record for fictitious inventory. This would lead to funds disbursement for something that was never received (Brauchli et al. 1995). Documents and records for collection of any relevant information should provide allowance for receipt of assets and proper authorization and should be pre-numbered in order to account for all documents and at the same time reducing the likelihood of fraud. There should also be an audit trail where a transaction will trace throughout the system to allow for verification (Ashton 1974). Audit institutions identified three criteria that were made compulsory rules to be followed for effectiveness of internal control. The rules indicated that there must be appropriate controls, there must be consistency with the functioning of these controls according to the plan with no bypassing under any circumstances and the controls must be cost effective such that the benefits outweigh the implementation cost (Environment Canada 2005). According to Porter et al, a good internal control system can be identified by the following characteristics; a reliable and competent personnel of integrity, areas of authority and responsibility that are defined clearly, proper procedures in authorization, adequate records and documentation, segregation of duties that are incompatible, independent performance checks and physical safeguarding of records and assets. Lack of quality employees leads to the failure of any system of internal control hence requires a training program that is essential. In addition to knowing the expectations of the employees, clear responsibility assists in identification of areas of training in case of a detection of errors. Procedures ensure that the authorised personnel approve the transactions. If the operation of control system is effective, there must be revisions and creation of documents. Separation of duties is essential to ensure that no one have the custody and authorisation of the same assets. Independent checks prevent errors resulting from human mistakes. There should also be a physical safe guarding of assets from tampering and theft (Porter et al 2003). Internal control also has some limitations which include faulty judgements made by human, errors, misunderstanding of the instructions, overriding of controls by the management, and collusion which is a conspiracy planned by two or more personnel in order to commit fraud. Also, due to considerations in cost-benefit, all possible controls will not be implemented. Due to these limitations that are inherent, there is no guarantee that the objectives of the organisation will be met (Hall, American Bar Association 2008, 1992). Future research Cost-benefit is one of the limitations of the application of internal control. Accountants view cost-benefit issue as a driving force employed in evaluating the effectiveness of the internal control and also as reasonableness of any system of internal control while on the other hand legislators see it as a single multitude of the components that are used for driving a final evaluation of the effectiveness of any system of internal control system. A future research that is effective in cost-benefit internal control will in the first place make the researchers to define a point of view. On establishment of a point of view, the ‘how’ and ‘when’ of the cost and benefit measuring must occur. Do we employ the same point of view as it was done for the cost? A research on separation of appropriate benefits and costs for the analysis of internal control would be good for legal community as also the stakeholders. Would the potential liability be part of costs? Conclusion Internal controls can be administrative or financial where financial ones are the procedures which are designed for the purpose of safeguarding the assets of the company and ensuring a financial reporting that is reliable, accurate and consistent. The administrative controls are developed with an aim of producing an operational efficiency and also ensuring there is compliance with the policies of the management and governmental regulations. Internal controls is very essential in overcoming the challenges faced by the management as technology advances such as managing the liquidity, control of costs and achievement of a competitive advantage. It has also been an essential tool in preventing, solving and mitigating problems that has led to public attention such as current increase in failures in high profile business, corporate fraud allegations, and restatement of financial statements. The process of internal control in an organisation involves three steps which are prevention, detection and correction. Although there are various models used for internal control, the two primary models used for internal accounting control are committee of sponsoring organisations (COSO) and criteria of control (CoCo). Regardless of the model that is chosen, all the models used for internal control have similar intents and concepts. Each of these models puts more emphasis on the actual procedures and policies, the collected data quality, and the role which is played by the personnel that is involved in the internal controls of the organisation. People are always seen as the central part for an internal control that is sufficient and the internal control effectiveness depends on dependability and competency of the people in the organisation. Since the application of the system of internal control cannot necessarily guarantee the success and achievement of the objectives of the organisation as it relates mostly to the outlined goals, it cannot also guarantee the collected information’s sanctity. By internal monitoring of the organisation, it is easier to mitigate and prevent any potential problem arising being it legal or otherwise. However, some of the limitations that are related to internal control include faulty judgements from human, errors, misunderstanding of the instructions, overriding of controls by the management in the organisation and collusion which is as result of conspiring of two or several people in order to commit fraud. Cost-benefits consideration has also been a major limitation as it has been observed that not all possible controls can be implemented. Due to these limitations that are considered inherent, application of internal controls is not necessarily a guarantee that the objectives of the organisation will be achieved. References Ashton, H 1974, ‘An Experimental Study of Internal Control Judgments’, Journal of Accounting Research, vol.12 no. 1, Pp. 143-157. American Bar Association 1992, ‘Committee of Sponsoring Organizations of the Treadway Commissions, Internal Control-Integrated Framework’ vol. 2, Pp. 86. Bailey, AD, Duke, GL, Gerlach, J, Ko, C, Meservy, RD, & Whinston, AB 1985, ‘TICOM and the analysis of internal controls’, Accounting Reviews, Pp. 186-201. Brauchli, Marcus, W, Bray, Nicholas, & Sesit, M 1995, ‘Barings PLC Officials May Have Been Aware of Trading Position’, Wall Street Journal, vol. 4, Pp. 1-6 Brown, CE 1995, Internal Control Concepts. Viewed on 20 February 2012 from: http://www.shsu.edu/~aac_cwb/control1.htm Colbert, L & Bowen, L 1996, ‘A Comparison of Internal Controls: CobiT, SAC, COSO and SAS 55/78’, IS Audit and Control Journal, vol. 4, Pp. 26-35. Environment Canada 2005, symbol of the government of Canada. Viewed on 21 February 2012 from: http://www.ec.gc.ca/aeve/default.asp?lang=En&n=B86CCD28&offset=3&toc=show Haskins, Mark, E & Nanni, AJ 1987, ‘Toward Attribute Models of Accounting Control Systems: Qualitative versus Quantitative Approaches’, Journal of Accounting Literature, vol. 6 no. 1, Pp. 111-130. Hall, JA 2008, . 6th ed. Mason, OH: South-Western Cengage Learning. Lauren, D 2011, the History of Internal Control Systems. Viewed on 20 February 2012 from: http://www.ehow.com/facts_7203983_history-internal-control-systems.html Lieberman, AZ & Whinston, AB 1975, ‘A Structuring of an Events- Accounting Information System’, The Accounting Review, pp. 246-58. Leitch, M 2008, ‘Intelligent Internal Control and Risk Management: Designing High-Performance Risk Control Systems’. Aldershot, UK: Gower Publishing. Moeller, R 2008, ‘Sarbanes–Oxley Internal Controls: Effective Auditing with AS5, CobiT, and ITIL’. Hoboken, NJ: Wiley. Porter, B, Simon, J & Hatherly, D 2003 ‘Principles of External Auditing’, 2nd ed. West Sussex: John Wiley & Sons Ltd., 247. Roth, J 1997, ‘Control Model Implementation: Best Practices. Altamonte Springs’, FL: Institute of Internal Auditors Research Foundation. Read More