Thu, Aug 11, 2022

A Working Definition of Internal Controls

For accounting, risk and audit, internal controls are a set of accounting best practices activities designed and implemented to minimize organizational risks and reduce legal and regulatory liability.

The internal control process promotes the observance of established rules, regulations, laws and policies to protect financial and other tangible and intangible assets, achieve accuracy in data and records, and generally safeguard the interests of an organization and its stakeholders.

The Importance of Internal Control Policies

Every organization has important goals it wants to accomplish in a timely and efficient manner. But, for every desired objective there are a hundred (or more) known and unknown risks waiting to disrupt well-laid plans and derail progress. Risks will always exist, they can’t be eliminated but, if conscientious accountants and auditors do their job properly, they can often be avoided and their deleterious effects can be mitigated.

A sound, comprehensive internal control policy is a bulwark against common and costly risks such as the following:

  • Internal and external fraud
  • Insufficient regulatory reporting
  • Inaccurate financial statements
  • Cyberthreats (hacking)
  • Waste, abuse and inefficiencies
  • Theft of institutional, proprietary information
  • Lack of management oversight

These common risks are far from being the only ones that a good internal control policy guards against. The best control policies are wide-ranging and dynamic; they can grow with a company and change with changing circumstances.

The Internal Control Policy as a Money Saving Device

When done right, developing suitable internal controls and organizing them into an understandable, easy-to-execute policy isn’t easy or inexpensive. It takes a significant commitment of time, money and human resources. In addition, integrating the policy into existing systems and implementing it on an institutional scale will involve its own set of challenges and expenses. In the long run, however, it will all be worthwhile.

The nitty-gritty of an internal control policy — all the templates, checklists, processes, assignment of tasks, audits, training and management review — might sound like tedious and pricy work, but it all combines to save the company money.

Accounting controls help avoid an untold number of small but potentially costly problems before they even happen, but the biggest savings are realized when monstrous financial or regulatory disasters are prevented by diligent compliance with well-thought-out, well-maintained controls. While regular internal audits, for instance, cost money and are incontinent, an unannounced audit by the IRS, the SEC or some other government agency (that won’t have your firm’s best interest at heart) will probably cost a lot more and would definitely be more stressful.

When problems can’t be avoided altogether, control activities save money by catching issues early and bringing them to the attention of the right people. An error on a financial statement, as an example, is problematic at any stage in the reporting process, but it can’t be fixed until it’s found. The checks and balances that are the essence of risk and accounting controls exist to spot exactly these types of problems. It takes time and money to re-run numbers and come up with an accurate report, but the cost of correcting financials confidentially in-house is exponentially lower than publishing and distributing faulty numbers to the public and having to reissue critical reports after the fact.

Well-designed internal controls thoughtfully enumerated in a high-quality policy document — whether offensive (designed to detect problems) or defensive (designed to prevent problems), manually executed by people, or computer automated — simply make good business sense.

Important Policies Should Be in Writing

Internal control policies can’t just exist conceptually; they must be in writing and communicated to everyone in the organization who will implement them and throughout all levels of management. To this end, KnowledgeLeader has created an Internal Control Policy for you to use as a framework or outline in creating a customized internal control policy.

Judicious use of this tool will help accounting departments achieve several important objectives.


When things go wrong in a business — and, unfortunately, things will sometimes go wrong — and money is lost, questions will fly and fingers will be pointed. Professionals in the risk, audit and accounting divisions will be asked what they did to prevent the problem that caused the loss. And they will be expected to show their work.

Without a properly formatted, written control policy document that’s been published and widely circulated it will be nearly impossible to prove to management, regulators and stakeholders that control policies ever existed.


Continuity of purpose and process is critical to efficiency. Everyone needs to be pulling in the same direction, as the saying goes. The detailed assignment of process and examination (supervision) responsibilities along with reporting requirements need to be included in every control policy.

Create Confidence

We’ve established that good internal controls can help protect assets, but they do more than just that. A program of high-quality, well-executed internal controls expressed in a published policy document will create a high level of confidence in company financial statements and other assertions.

Public and private investors, government regulators, the board of directors and C-suite executives are bound to have more faith in assertions by the accounting department if they know all numbers, projections and reports were run through a vigorous set of internal controls before being presented.


It’s the job and sometimes the fiduciary duty of personnel in risk, audit and accounting departments to report numbers that others can depend on. Shareholders and company executives will expect it. Government agencies will demand it.

A functioning system of internal accounting controls is imperative. A thoughtfully developed, written policy is very highly recommended.