An analogy for internal control
I try to make the dry subject of internal control easy to understand with this analogy.
Did you put on the alarm and lock the door when you left home this morning? If you did, you not only have a sound personal ‘internal control’ system, but it is working. If you forgot to put on the alarm, your internal control system is not working properly. If you don’t have an alarm, or worse no lock on the door, your internal control system is deficient. Internal control then is the way you protect your home or in accounting jargon ‘safeguard your assets’.
Depending on how worried you are, you might want to build a three metre wall around the house, with glass and barbed wire on the top and hire armed guards to filter visitors at the gate. This is part of your internal control decision-making process. However, if someone knocks out the guard, breaks down the door to enter the house, this is equivalent to ‘fraud’ in the accounting world. Internal controls on their own do not always protect your home, neither do they prevent fraud in the corporate world.
So internal control is a simple concept, but accountants make it complicated. Protecting assets is too banal, too basic. Let’s make it complicated, they say.
Let me take just the first line of the British definition of internal control to give you an idea:
“The policies, processes, tasks, behaviours and other aspects of an organisation that taken together …” [1] and then they list a large number of actions management must take.
I don’t need to go further than that to make my point.
[1] Internal Control: Guidance for Directors on the Combined Code (1999) also known as the “Turnbull Report” was a report drawn up with the London Stock Exchange for listed companies.