 In this presentation, we will introduce the topic of internal controls, internal controls being policies within an organization in order to achieve certain objectives, those objectives including the safeguarding of assets, having reliable accounting records, efficient operations and company policy alignment, we'll get further into what each of these categories mean in detail. However, first, we want to discuss the fact that internal controls will change from organization to organization and industry to industry. We'll have similar objectives between organization to organization, industry to industry, however the customization of the internal controls will differ in order to have an optimal amount depending on size of company and type of industry. For example, a small company often run by one individual will have much fewer internal controls for multiple reasons. Often that that individual can really monitor a lot more of the transactions for a small company and have direct contact with the transactions that are taking place, whereas in a large company there's going to be a lot more decentralization, we're going to have to delegate authority in order to record many different types of transactions. A small company also will not have the same level of organizational structure, they won't have the number of employees to be able to implement some of the different types of internal controls often having to do with a separation of duties. So the owner often then will be a major component in running most of the processes in an internal control process. There are some internal controls that will be needed for both small companies and large companies. Some of the most common internal controls that we would want to make sure we have in place, even if we're a small company are going to be things like signing the checks, we don't want the bookkeeper to be signing checks and the authorizing transactions and recording them into the system. Also reconciling the bank account are a couple things that we would for sure want a small business to take place in and therefore reduce the likelihood of fraud. A large organization of course is going to have a lot of more decentralization, there's going to be a lot more things that are going to be delegated to other types of management and in order to do that effectively we're going to have to introduce internal controls. It's also we need to note that as a company gets larger it starts to become more of an entity. People see it as more of an entity than an individual person and they can therefore justify possibly fraud to themselves. They can rationalize different types of activities whereas they might not be as easily rationalizable when we talk about a small organization. And therefore a large organization needs to set it up in some policies to safeguard against having a fraud or other type of objective not being met with internal controls. So the goals of internal controls then will include safeguarding of assets. So clearly we want to make sure that we have policies in place, most obvious being that we are going to lock up our assets probably our cash and restrict access to it to key individuals. So that's going to be our goal that we'll be putting in place specifically when we think about implementing internal controls and when we do implement internal controls we want to have a really definite knowledge of what the goal is we are going for with that specific internal control so that we can design it most effectively. So we want a reliable accounting records we're going to have to rely on these accounting records in order to see how we're doing judge performance and therefore the internal control should be set up in such a way that our accounting records are done properly then we want to have efficient operations. So the internal controls also can be set up of course in order to manage things better in order to get the operations flowing better in order to go through the processes more efficiently and thereby having the business run more efficiently. Note that internal controls in general we might think of as actually slowing up a lot of different processes because they're going to be processes in order to safeguard assets and have reliable records we might be jumping through a different some more hoops that we may not need if we were to take those out and we can still get the job done however we would lose some of our safeguarding of assets and reliability. So the efficiency factor we could have some control controls in place in order to get more efficient and other times of course in order to achieve other goals we may actually be extending the processes that could go faster in order to achieve some of these other goals like safeguarding the assets and reliable records. Then we have company policy alignment we want to set up the internal controls in such a way that people are incentivized and supervised and enforcing company policies so we want to make sure that the controls are in alignment and incentivizing those policies. Now we're going to discuss some internal control principles that will be put in place in order to achieve the internal control goals. First principle, establish responsibility. This seems to be something that would be obvious but it really is something that we want to make sure that we have some responsibility for the particular outcomes. If we do not assign good responsibility then if the outcomes do not match what the expectations are we won't know who to hold accountable and therefore we won't be able to take any action. So being able to assign responsibility to particular outcomes is going to be key for us to implement controls and monitor those controls. We want to maintain records and clearly the accounting is going to be important in terms of record keeping. Record keeping is going to allow us to assess how we've been doing and how we can do better going forward so we need something to analyze. That means we have to store the data with records. Separation of duties is probably the main internal control we want to think of. When we think of internal controls for a large organization we are typically thinking of separation of duties. One big separation being the separation of custody of assets and recording of assets into the system. We want to separate them as much as possible so that someone couldn't for example steal cash and record the theft in the system at the same time. So the separation of duties in many different areas is going to be a key component of internal control when we want to understand when applying an internal control system and when working within a system. Because this is one area where we might say they would be faster if I could do this and this and we need to realize that there's a reason we can't do those two things that's part of the internal control system and that's part of kind of the bureaucracy of as companies grow they help us to safeguard assets but they could also lead to more steps within a process. Then we're going to have technology controls. We'll talk a little bit more about technology type controls as we get more technology of course the systems of controls will change meaning we could separate duties a little bit more easily with different type of technology because the system will allow us to do that. We have less of a paper trail oftentimes which is the records here but we can also set up systems within our database system to have more of an audit trail more of a trail of what is going on as well. So technical controls then technological controls and we want to have reviews we want to go through the process once we have our records once we have our information that we have done we want to be able to go back to it and say okay how did we do let's review this process and see if everything is functioning as it should. Now we'll go through these principles in a little bit more detail we've got the establishing responsibility and that's going to be the idea that we want to make sure that one individual is assigned for particular information so if it's the entering of the bill the bills we want to have an individual that is responsible for that information if that is not being done then we can assign responsibility and know who is responsible this does get more confusing than we might think after time we might say what type of outcomes are people responsible for and if we really dig down on it we might start saying hmm there's more than one individual that is responsible for these outcomes and therefore when we look at the measurement when we look at performance and we say performance is lower than it should be in a particular area if we don't have defined responsibility then we won't be able to know who to go to in order to improve information and we'll also have problems in terms of different people probably pointing fingers because to others because of this responsibility problem if we assign responsibility people feel more empowered over what it is that they're doing and they feel empowered when things are going well as well as responsibility when things aren't going well to improve the information. Maintain records clearly the record keeping is going to be important for many different reasons one we want to make sure that we're collecting the data so that we can go back and we can review the data that we are putting in place and see if everything is as it should be and of course if we don't have accurate records of what we have it's a lot easier for theft to happen because we won't know of it as easily if we don't have the records to keep in place in order to detect problems a good record keeping system using the double entry accounting system will also reduce greatly problems related to data input error and that'll make our whole system work better and that'll make it less likely that we will have problems and be easier than to be able to have data that we can read and make decisions on in terms of financial statements separation of duties this is going to be the idea of having different people in charge of certain operations and the goal being that it will reduce the amount of one person's ability to commit fraud by being in control of two separate items for example we want to make sure that we have different people involved with cash handling and the recording of cash and if that's the case then the person handling the cash knows that they can't really steal the cash without it being detected by the person recording the cash and the person recording the cash doesn't really have an incentive to falsify the records in any way because they don't have physical access to the cash to do that for now that of course means that these two could collude and that becomes kind of a bad word in terms of internal controls meaning they could get together and circumvent the system by colluding together in order to commit frauds that's going to be a danger of internal controls which is inherent just within internal controls and then we want to have reviews reviews of the system now when we look at reviews of the system we're really looking at oftentimes one of the goals is to see if there's compliance with the internal control system are we following all the steps and there might be a lot of steps within a certain internal control process and it could be the case where some individual might say hey you know I found a system that's faster to go from one to done pretty quickly and now the reason and and you might have to explain in that point system you want to have some outside person maybe another internal auditor someone not involved in actually processing the system preferably to go in and review the system because if we're in the system we may not realize that yeah there might be a shorter way to do it but by doing it in a shorter way we're not achieving some of the goals that we were looking for in other capacities meaning we're not safeguarding our assets as much as we could if we shortcut the process or something like that and therefore because there's an incentive to circumvent the steps and have different steps and have shorter steps if we don't enforce the internal controls we got to review them and make sure that all the steps are being gone through so that we are having effective internal controls not just in terms of what they are the planning of them but in the execution of the internal controls technology and internal controls technology is going to have some pros and cons when it goes to internal controls obviously we have more information being in a technical nature we're doing less paperwork the more the most common type of technology being the fact that we have all of our accounting information typically in some type of database program one of the benefits to that is it's going to reduce fewer errors we're going to have fewer errors as we put the information into a database program because we're not going to have those errors with just adding and subtracting information we could still punch the number in incorrectly but hopefully the double entry accounting system will help pick up some of those errors and we can do some other cross checks to pick that up but just adding and subtracting types of errors or pulling one number from one column to another is something that a computer system will do and reduce the amount of errors in regards to those types of activities more accessible information i clearly when we have the database program we can pull up different types of information much easier and the fact that we can do so means that we can go in and make reviews a lot more easy if we if we go into audit something it's a lot easier if we don't have to go into paper files and pull out all the records and take through a manual gl and a paper general ledger in order to find transactions if we can go through there and pull in this information in a relevant format from a database program that really helps us to be able to review information more often and more accurately changes in the audit trail now there could be pros and cons here obviously an automated system the goal is to have it automate as much as possible so if we're talking about a database program we're going to have a lot of transactions that the database program will do for us and therefore we won't have a person involved that could in some ways reduce like the type of paper trail that we will have whereas if we did it in a manual system we would know who'd be responsible for the entering of that data and we would know the forms that would be involved and we can have a more standard paper trail so that could be a problem however there's also types of ways that a computer-based system can account for that problem and and create different types of trails of activities to help the audit trail so there's differences there there's pros and cons but a good system is getting better at making that trail so we can see the activities happening separation of duties within within software the software can help us to separate duties because we can basically have access to different components within the software in order to separate duties so that can be very helpful for an organization in order to assign responsibility and separate what one individual can do as opposed to another individual which is one of our objectives in terms of internal controls also e-commerce of course is something that's going to be a lot more relevant to a lot of different types of companies and the technology involved is a big component in terms of why just e-commerce in and of itself is a type of industry that is picking up internal control fraud problems now there's always there's always going to be problems with internal control there's always going to be some type of problem in the system there is no perfect internal control system in other words no system that will totally reduce the the ability for fraud to happen what we can do is lessen the likelihood of fraud to happen and we can do this a lot we would think that most of time we think of that fraud will be reduced if we just have better hiring tactics if we hire better people but there's actually a lot we can do within the system within our company in order to reduce the likelihood of fraud and in order to do that we first want to get an idea of what are the components of fraud what makes fraud happen or more likely to happen and the components typically would be opportunity pressure and rationalization these are the three things that increase the likelihood of fraud opportunity of course means that there's not opportunity to or at least a perceived opportunity to to commit fraud and not be caught from the the fraud that would be committed so if we don't have good internal controls if we don't have separation of duties then it may be possible for someone to do that to actually commit fraud and have a low likelihood of being caught and therefore that would increase the likelihood of fraud to happen we need to safeguard that by one having the internal controls to make it more likely that a fraud would be caught and to be able to express that people should know that within the system and and know that and therefore their behavior of fraud will be less likely pressure obviously financial pressure being a huge component if people are under financial pressure they're much more likely to commit fraud and we just need to of course in our internal controls it's hard to know that of all of our employees what type of pressure there is but we can within our system be able to you know have a better understanding of our employees and know what type of pressure and problems are involved and the reduction of pressure will reduce the likelihood of fraud and then rationalization something that we all do uh and uh notes that rationalization is something that we typically do after decision making meaning we typically make a decision and then rationalize the decision we made and that's why fraud can escalate over time because after an activity has happened we'll rationalize it and make it probably more likely it could happen or that same behavior will be done in the future so if there becomes a culture of fraud or something like that or a culture of not catching fraud or something then it's likely that that that kind of culture can escalate to larger problems whereas if we are able to catch the fraud early then uh we are going to have less of this rationalization within the company as a as a whole and we're going to have less problems with it so rationalization is going to be a just inherent to people when uh when we have actions we tend to rationalize it how can we reduce that well we we can reduce uh we can try to catch the fraud earlier through the internal controls and show the show the the consequences of fraud and thereby uh reduce the likelihood or catching it early or reduce the likelihood of it going on for a while and thereby allowing for rationalization to take place