INTERNAL CONTROL Internal control is defined as a process effected by an organization's structure, work and authority flows, people and

management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal control procedures reduce process variation, leading to more predictable outcomes. AAS-6 issued by the ICAI deals with the study and evaluation of Internal Control in connection with an Audit. It defines Internal Control as All the policies and procedures adopted by the management of a concern to ensure the orderly and efficient conduct of its business. The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts. They assess whether the controls are properly designed, implemented and working effectively, and make recommendations on how to improve internal control. They may also review Information technology controls, which relate to the IT systems of the organization. The system of internal control is the plan of the organisation and all the methods and procedures adopted by the management of an enterprise to accomplish the following objectives: a) Execution of transactions in accordance with managements general or specific authorisation; b) prompt and correct recording of all transactions so as to enable preparation of financial information as per recognised accounting policies and practices and relevant legal requirements, if any, and to maintain accountability of assets; c) safeguarding of assets from unauthorised access, use or disposition; d) comparison of recorded assets with the existing assets at reasonable intervals so as to enable appropriate action in the case of any difference.

The effectiveness of internal control procedures depends on the environment in which the internal control system operates. But a strong environment with effective budgetary and internal audit system may not necessarily ensure an effective internal control system. The internal control environment may be affected by the following factors a) Organisation structure, i.e., delegation of authority and assignment of functions so as to facilitate the working of the internal control system. b) Management supervision, i.e., a regular review of the adequacy of the internal control system with a view to ensuring effective operation of all significant controls. Internal audit system can also take care of such review. c) Personnel, i.e., competence and integrity of the persons who are responsible for establishment and operation of the internal control system. Important Points to be Considered by an Auditor with regard to Internal Control: The auditor should review the accounting system and the related internal controls to understand the flow of transactions and the specific control procedures to identify the controls which could be relied upon during the audit, keeping in view the size of the enterprise and the extent of controls. The review will be mainly by way of enquiries addressed to personnel at various levels in the enterprise, together with reference to documentation, e.g., procedure manuals, flow charts, job descriptions, etc. In a continuing engagement, knowledge about the control procedures should be regularly updated. A certain number of representative transactions should be traced through the accounting system so as to understand the system and the related internal controls. Information relating to the internal controls may be recorded by way of narrative descriptions, questionnaires and flow charts, as the auditor deems appropriate. Preliminary review should be based on the assumption that the controls operate generally as described, and they function effectively throughout the period of intended reliance. The purpose of the review is only to identify the specific controls which can continue to be relied upon. The auditor may decide not to rely on any particular controls because of their defective design or because the effort required to test whether they are being complied with, will not be commensurate with the reduction in effort to be achieved by placing reliance on them.

Internal Control in a Hospital:

The two panels on the left represent the hospital administration. The right-hand panel represents the medical staff. For clarity, only a few of the many departmental entries have been labeled in each panel. Although the administration's exact departmental grouping varies considerably with the size and type of hospital, it basically consists of patient care services (e.g., pharmacy), depicted in the middle panel, and support services (e.g., accounting), depicted in the left-hand panel. As indicated in the right-hand panel, the medical staff is usually divided into clinical services according to the specialty branches of its member physicians (e.g. cardiology).