Logo en.artbmxmagazine.com

Internal control in business management and economics

Anonim

The importance of control over material, financial and human resources for the recovery of the economy is unquestionable.

Within an organization the administrative process constitutes a harmonious development where the functions of planning, organization, direction and control are present.

In our country, where almost all the entities and their resources are social property, administered by state institutions, the application of control systems in all its aspects is of great importance, since to obtain results of efficiency, effectiveness and economy in business management cannot ignore the planning and application of an Internal Control System with the necessary requirements to achieve these objectives.

internal-control-in-the-business-economy-2-1

Internal control is a well-thought plot of coordination methods and measures assembled in such a way that they work in a coordinated manner with fluency, security and responsibility, guaranteeing the objectives of preserving, with maximum security, the control of resources, operations, policies administrative, economic regulations, reliability, accuracy of operations noted in primary documents and recorded by accounting. In short, it must help protect resources against fraud, waste and misuse.

  • INTERNAL CONTROL. BASIC PRINCIPLES AND CONTROL REGULATIONS.

Internal control has lacked for many years a common frame of reference, generating different expectations between businessmen and professionals. Without being clearly defined it is used in laws, rules or regulations.

To develop this chapter, we are going to base ourselves on the so-called COSO Report (Committee of Sponsoring Organization), which is also known as “The Commission of Sponsoring Organizations of the Treadway Commission”, where through the same Internal Control it was submitted to a rigorous study. COSO members include the American Institute of chartered Public Accountants (AICPA), the Financial Executives Institute (FEI), The Institute of Internal Auditors (IIA), The Institute of Management Accountants (IMA), and the American Accounting Association (AAA, which groups university accounting professors), whose aforementioned institutions enjoy recognized prestige and are directly related to Internal Control

The COSO Report is internationally considered today as an obligatory point of reference when dealing with internal control matters, both in the practice of companies and at the legislative and educational levels.

The COSO Report has a primary objective which is to establish a definition of internal control and a development of the concepts as clearly as possible, that is, it was modified in terms of its traditional approach, so that when talking about internal control all the world is talking about the same. The definitions of Internal Control, the content of its Components and its Standards, are put into effect in Resolution 297/2003 of the Ministry of Finance and Prices.

Due to the aforementioned, we consider it vitally necessary to stop to approach Internal Control from its conceptual point of view, its importance, objectives, principles and regulations, components and limitations.

  • CONCEPT, IMPORTANCE OF INTERNAL CONTROL.

Within an organization the administrative process constitutes a harmonious development where the Planning, Organization, Direction and Control functions are present. Control in its most general conception examines and censures sufficiently in advance a certain reality that it approves or corrects. This can be external, managerial and internal. It should be noted that in practice the last two converge into one.

The internal control system is developed and lives within the organization, meets and / or achieves the objectives pursued by it. The great technological advances accelerate the productive processes that unquestionably have an impact on an improvement in the fields of organization and administration, since this must be reordered to survive. Already in the late nineteenth century, the importance of control over business management was demonstrated and that it had lagged behind an accelerated production process.

Internal control owes its existence within an entity for the interest of the administration itself. No administrator wants to see losses caused by error or fraud or through erroneous decisions based on unreliable financial information. Thus, internal control is a useful tool through which the administration manages to ensure the orderly and efficient conduct of the company's activities.

The COSO in its study defines internal control as that process that is carried out by the Board of Directors, the management and the remaining group of an entity, with the purpose of granting a reasonable level of confidence in achieving the following objectives:

  • Ensure the accuracy and reliability of accounting and financial operations data, protect resources against waste, fraud or inefficient use, as well as evaluate the performance of all the administrative and functional divisions of the entity (effectiveness and efficiency of operations).Ensure compliance with the entity's economic regulatory policies.

For this reason, we can affirm that internal control is the set of mechanisms, systems, procedures and standards that ensure efficient management of the entity, the achievement of its objectives and the maintenance of its assets, in an environment of participation and integration of all those who use it and with whom they interact: customers and suppliers.

From all this it follows that internal control is the nervous system of a company as it encompasses the entire organization, serves as a two-way communication system, and is designed solely to meet the needs of a specific company. It includes much more than the accounting system and covers things such as: employment and training practices, quality control, production planning, sales policy and internal audit. Every operation has internal control implicit. The worker executes it without realizing that he is an active member of its execution. When a process is executed, the concept of control must work within it.

The internal control system is developed and lives within the organization, with pre-established procedures or forms that ensure its internal structure and behavior; It must also have an ideal human group for the functions to be performed.

The definition of Internal Control above reflects the following fundamental concepts:

Internal Control is a process, where a group of structured and coordinated actions is carried out, which are aimed at achieving an end. It has a higher degree of efficiency when they are inserted into the processes and complement each other as an inseparable part of the entity.

Internal Control is performed by people at each level of the entity. Well, from the management of the entity to the last worker they must feel part of it, in this way each of them will be able to acquire a high degree of awareness when evaluating risks, applying controls and being in a position to respond appropriately to it.. Well, it is impossible for the entity to be in a position to know all those risks to which it is exposed at any time.

Internal control will only provide a reasonable degree of security to the entity's management, so knowing its limitations, the achievement of the objectives can be guaranteed.

Internal control cannot be a restrictive element, but rather enables processes, allowing and promoting the achievement of objectives in one or more independent areas, but with common elements.

  • PURPOSE OF INTERNAL CONTROL.

The objectives can be classified and focused for analysis in three categories:

  • Operations Objectives.

They refer to the effective and efficient use of resources in the entity's operations. They are the raison d'être of companies and are aimed at achieving the corporate purpose. Thus constituting the most important part of the entire process of building strategies and allocating available resources. Therefore, it is of utmost importance that the objectives are coherent and realistic. They constitute elements of management and not of internal control, despite being a prior basis for it. This group of objectives is peculiar to each entity, but not the other two that, with some changes, are applicable to all entities. The achievement of operational objectives is not always under the control of the entity.Internal control is not capable of preventing some external events that may prevent the achievement of operational goals, but it can provide a reasonable level of assurance that the administration is informed at the precise moment of the level of progress in achieving these objectives.

  • Objectives related to financial information.

These are framed in the preparation and publication of reliable financial statements, whose factor is of utmost importance in relations with the outside, in addition to being an important element of internal management, which is why reliable financial information is an important objective to comply.

For the financial statements to be reliable, they must follow the following requirements:

  • Have accounting principles accepted and appropriate to the circumstances Possess sufficient and appropriate financial information, suitably summarized and classified Present the economic facts in such a way that the financial statements adequately reflect the financial situation, results of operations and cash flows sources and applications of resources in an appropriate and reasonable manner.

    The statements underlying the financial statements are: Existence: Assets and liabilities exist at the balance sheet date and the transactions accounted for have actually occurred during a certain period. Totality: All transactions and events that occurred during a certain period have been effectively reflected in the accounting records.Rights and obligations: The assets are the rights and the liabilities the obligations of the entity.Valuation: The amount of assets and liabilities and the amount of income has been determined with appropriate criteria in accordance with accounting principles generally Accepted Presentation: The financial information presented in the financial statements is sufficient, adequate and correctly classified.

Compliance Objectives. They refer to the entity's compliance with laws and regulations. Every entity must carry out its activity within the framework of the legality and regulations that regulate aspects of social relations, such as: commercial, civil, labor, financial, environmental, and security regulations, among others. Failure to comply with them may cause problems and may affect their prestige. Each entity must establish its own compliance objectives within which to move.

After knowing the internal control objectives, we can say that an objective can belong to more than one category. In any case, there must be a coherent structuring of objectives, classifying them by their importance and recognizing their interconnections and derivations.

A group of objectives of special interest is the one referred to “the safeguarding of assets”, which is included within the operational objectives, within which the efficient use of resources is present, avoiding inefficiencies, losses or embezzlement. They may relate to compliance objectives or objectives related to financial reporting. Internal control should ensure that there is an appropriate level of information on the achievement of operational objectives.

Interrelationships of the three types of objectives. The previous categories overlap, a target can belong to more than one category. The achievement of some objectives may be conditioned to the achievement of others, but in any case there must be a coherent structuring of objectives, classifying them by their importance and recognizing the interrelationships and derivations of them.

A group of objectives of notable interest is that related to the safeguarding of assets, which would be included within operational objectives, which include the efficient use of resources, avoiding inefficiencies, losses or embezzlement. These objectives may be related to compliance objectives or objectives related to financial reporting, for example: it is necessary to maintain appropriate control over losses that occur in inventories, to reflect them adequately in accounting records. Note that the old definition of internal control included the objective of properly reflecting transactions in accounting records and safeguarding assets. The COSO Report has transferred the safeguarding of assets to operational objectives,within the context of broader definition of internal control.

Internal control is responsible for ensuring that there is an appropriate level of information on the achievement of operational objectives. Information systems are closely related to operational and financial reporting objectives.

1.3 ADMINISTRATIVE CONTROL AND ACCOUNTING CONTROL.

The different coordinated and integrated actions that are carried out by all the activities of the organization can be classified according to the objectives or goals that each of them can achieve, but always keeping in mind that they are not isolated elements, which are part of a process and that are interrelated with other actions that in turn are integrated with the different management processes.

Taking into account the interests of the auditor for the evaluation of Internal Control and that in essence the external auditor is interested in giving his opinion regarding the reliability of the financial statements, it is still vitally necessary to differentiate the actions that make up the internal control process; They can be classified into administrative control: Operational and strategic and accounting control.

Administrative control is made up of: operational control and strategic control. Administrative control, which is called by some authors as operational, has so far been identified as the organization's plan and all methods and procedures related to operational efficiency and adherence to management policies.

Taking into account the conceptualization that the COSO report exposes about internal control and in the increasingly widespread use of strategic direction, administrative control can be defined as all the coordinated and integrated actions that are executed by people (from the Council (up to any member of the organization), at each level of the entity to grant a reasonable degree of confidence in achieving the objectives of efficiency and effectiveness of operations, strategic objectives and compliance with applicable laws and regulations. Where subgroups such as:

  1. Operational control. Controls, understood as structured and coordinated actions, to achieve a reasonable level of confidence in compliance with applicable legislation in the operational area, and in achieving the expected levels of economy, efficiency and effectiveness in operations and in the protection of assets.
  1. Strategic control: Process that includes the coordinated and integrated actions of the entity's units or activities, to achieve a reasonable level of security in the success of the strategies formulated.

Accounting Control are those actions structured, coordinated and integrated into the basic management processes of planning, execution and supervision with the purpose of granting a reasonable degree of reliability over financial information. These actions are made up of the accounting controls and procedures established for this purpose.

Internal controls are most effective when incorporated into an organization's infrastructure and become part of its most elementary activity. They should not hinder, but behave positively in achieving the objectives.

However, for its implementation, the cost benefit of the internal control system has always been taken into account, as well as the limitations inherent in any system.

1.4 PRINCIPLES AND REGULATIONS OF INTERNAL CONTROL.

As we have previously stated, internal control includes the organization plan, the set of properly classified and coordinated methods, the measures taken in an entity to ensure its resources, promote the accuracy and reliability of accounting information, support and measure the efficiency of operations and compliance with plans, as well as encourage compliance with established rules, procedures and regulations.

The implementation of internal control measures, as well as the systematic performance of controls and the application of divisions to eradicate deficiencies in order to achieve increased economic efficiency and quality and the positive result of the activities carried out by each entity.

In order to establish an effective internal control system, the organization of the entity must be previously taken into account on the basis of certain principles, among which the fundamental ones are the following:

  • Division of labour.

In no case will a single person have full control of an operation, to process each type of transaction the internal control must go through four separate stages:

In such a way that it guarantees that those responsible for the custody of the media and the preparation of the primary documents do not have the authority to approve them and that both do not have the function or possibility of making entries in the accounting records in this way the work of one person is verified by another who works independently and at the same time verifies the operation performed, making it possible to detect errors.

  • Liability setting.

Guarantee that the procedures inherent to the control of economic operations, as well as the preparation and approval of the relevant documents, allow determining, in all cases, the primary responsibility for all the entries and operations carried out.

The functions of each area must be provided, as well as the consequent responsibilities of each one of the members of the same, taking into account that the authority is delegable, not being the responsibility.

  • Charge and discharge.

It must be ensured that all resources or services received or delivered are registered, that is, that the charges of everything that enters and discharges of everything that comes out are counted, which will serve as documentary evidence that specifies who executed, approved, registered and verified.

It should be made clear in what form and when an account receives credits and debits, which is why any entry that does not obey the rules of an account must be investigated in detail.

The supervision of the operations reflected in each account and subaccount or analysis in a systematic way, by independent personnel to whom such annotations are made, will allow observing if the registered operations correspond to the content of each account.

It is also convenient to apply the practice of rotating workers in their different jobs taking into account their knowledge and occupational level, which limits the risks of the commission of frauds, making their discovery viable in the event of these occurring and also has the advantage of increase work efficiency by achieving more comprehensive training.

For an Accounting System to guarantee efficient internal control, the following must happen:

  1. Every company before starting its operations must have its organization defined correctly, as a minimum it must have:
    • Organization chart Manual of functions by positions.
    Fundamentally, the accounting and treasury functions must be well defined, in addition to their relationships and points of convergence being well segregated and established. which means that it must have absolute independence of opinion before the rest of the company's officials.Every entity classified as medium or large according to its economic activities, must have the internal audit function, directly subordinate to the first-class official level of the organization, to which it must report. Internal intervention basically consists of periodically checking the internal control mechanisms established in accounting procedures.The entity must have, before the start of its operations, an account classifier detailing the chart of accounts that accounting uses to record economic events, the economic content of each account with the details of its fundamental credits and credits, and the system information that the accounting periodically issues to the management of the company, to economically direct it. Another management document that the entity must have before the start of its operations is the manual of accounting procedures and internal control, in which They will describe the accounting procedures and the internal control requirements to which each described operation is subject, with the aim of its checking and comparison. The periodic information system must provide management with the appropriate instrument to direct,It must provide, among other things, the following:
    • Significant variations with normal figures Budgets or previous periods.

These periodic statements must be reviewed and discussed with the Board of Directors, Executive Committee, President, Treasurer, Heads of Departments, etc., with a view to making economic decisions aimed at greater effectiveness of the company.

  1. For efficient management, the institution must have the following elements:
    • Cost Control System Budgetary control of costs and expenses. Analysis of the interpretation of both.

The cost system is a document that contains the set of methods, rules and procedures that govern the determination and analysis of the cost, as well as the process of recording the expenses of one or more activities. This system must guarantee the information requirements for a correct direction of the entity.

  1. The budgetary control establishes the comparison of the actual execution with the forecast or budget, determining the deviations and their causes. The analysis of the costs and the budget allows the adoption of concrete measures to eradicate the negative effects of the deviations. The entity must have Defined the general policy regarding insurance coverage, as well as the definition of the official in charge of the periodic review of said coverage. This should define the format of the daily vouchers, the way they should be justified and the person and position of the official who approves them. If you have branches, control over them should be similar to that of the parent company in terms of internal interventions.It must be established that all officials and administrative employees take annual vacations and that in that period they are replaced by other officials or employees, as the case may be. In the possession of an official there must be a calendar or file of dates relative to the expiration of tax payments. and special reports and the terms for claims. The main shareholders or executive officers of the company, should be obliged to declare their links with other companies with which the first has business. Compilation of the Rules and Procedures to apply, based on the regulations issued by global and branch organizations, as well as those specific to each entity, attending to the particularities of their activity and the requirements of their organization and management.Design of the set of models and documents that need to be used in the entity, both for common use that establish relationships with third parties, and those that support internal operations, as well as those for specific use, according to the peculiarities of the activities that they develop, including their corresponding methodologies and foreseeing the adequate filing and conservation of the same, according to the regulations that in the matter of prescription are legislated for this purpose. Establishment of the Internal Information System compatible with the General Information System in force for the entire economy, which ensure analysis needs at every level.as well as those for specific use, according to the peculiarities of the activities they carry out, including their corresponding methodologies and providing for the proper filing and preservation of them, according to the regulations that are prescribed for this purpose. Internal Newsletter compatible with the General Information System in force for the entire economy, which guarantees the analysis needs at each level.as well as those for specific use, according to the peculiarities of the activities they carry out, including their corresponding methodologies and providing for the proper filing and preservation of them, according to the regulations that are prescribed for this purpose. Internal Newsletter compatible with the General Information System in force for the entire economy, which guarantees the analysis needs at each level.that guarantees the analysis needs at each level.that guarantees the analysis needs at each level.

1.5 COMPONENTS OF INTERNAL CONTROL.

Adopting more advanced and rigorous systems, assimilable by the economy of the entities, will also influence the management style, taking into account that our entities are not subject to a single owner or a small group of them and that, therefore, they are obligated to a necessary feedback of the internal control systems and of the provisions and regulations established by the competent organs and agencies of the State.

The control elements are:

  • Control Environment. Risk Assessment. Control Activities. Information and Communication. Supervision.

These definitions of the Internal Control components, with a strategic focus on the development of the entities, must include norms or procedures of a general nature to be considered in the design of the Internal Control Systems in each entity, accompanied by control criteria and evaluation in some areas of the organization.

  • Control environment.

The control environment or environment constitutes the fundamental point for the development of actions and reflects the attitude assumed by senior management in relation to the importance of internal control and its impact on the entity's activities and results, so it must have present all the provisions, policies and regulations that are considered necessary for its successful implementation and development.

The Control Environment sets the tone for the organization by influencing staff awareness. This can be considered as the basis for the other components of internal control.

The entity's management and internal auditor are in charge of creating an adequate environment through an effective organizational structure, sound administration policies, and thus laws and policies are better assimilated by the worker.

The Control Environment is the basis for the development of the rest of the elements, its key foundations are:

  • The integrity, ethical values, professional competence and commitment of all the components of the organization, as well as their adherence to the established policies and objectives. The philosophy and style of management. The structure, the organization plan, the regulations and procedures manuals, forms of assigning responsibilities and personnel administration and development, the degree of documentation of policies and decisions, and the formulation of programs that contain goals, objectives and performance indicators, in organizations that justify it, the existence of Internal Audit Units with a sufficient degree of independence and professional qualification.

Standards for the Control Environment.

  • Integrity and ethical values.

The highest authority of the body must seek, disseminate and monitor the observance of ethical values ​​and the Regulation of the Tables of the State and Government accepted, which constitute a solid moral foundation for its management and operation.

Ethical values ​​are essential for the Control Environment. The Internal Control System is based on ethical values, which define the conduct of those who operate it. These ethical values ​​belong to a moral dimension and, for this reason, they go beyond mere compliance with the Laws, Decrees, Regulations and other legal provisions.

Behavior and moral integrity find their sustenance in the culture of the organism, what determines, how things are done, what norms and rules are observed and if they are avoided. The top management of the entity, in creating an appropriate culture for these purposes, the top management of the entity plays a main role, since by example it will help to develop or destroy this requirement of internal control on a daily basis.

  • Professional competence.

Leaders, officers and other workers must be characterized by having a level of competence that allows them to understand the importance of developing, implementing and maintaining appropriate internal controls, that is, they must have a level of professional competence in relation to their responsibilities, understanding Sufficiently, the importance, objectives and procedures of internal control, as well as ensuring the qualification and competence of all leaders and other workers.

Management must specify the level of competence required for the various tasks and translate it into knowledge and skill requirements. Personnel hiring methods must ensure that the candidate has the level of preparation and experience, adjusted to the requirements of the position. Once incorporated, the entity must receive the necessary orientation, training and training in a practical and methodical way.

  • Atmosphere of mutual trust.

For control, a level of mutual trust between people is essential, which contributes to the flow of information that people need to make decisions and take action. It also fosters the cooperation and delegation required for an effective performance aimed at achieving the entity's objectives. Trust is based on security regarding the integrity and competence of the other person or group.

Open communication creates and depends on trust within the entity. A high level of trust encourages you to ensure that any topic of importance is known to more than one person. Sharing such information strengthens control, reducing dependence on judgment, ability, and the presence of a single person.

Every entity must develop an organizational structure that meets the mission and objectives, which must be formalized in an organization chart. The organizational structure, formalized in an organization chart, constitutes the formal framework of authority and responsibility in which the activities that are carried out in compliance with the organism's objectives are planned, carried out and controlled.

The important thing is that your design adjusts to your needs, providing the appropriate organizational framework to carry out the strategy designed to achieve the set objectives. The appropriateness of the organizational structure may depend, for example, on the size of the entity. Highly formal structures that meet the needs of a large entity may not be advisable in a small entity.

  • Assignment of authority and responsibility.

Every entity must complement its organizational chart with an organization and functions manual, in which responsibility, actions and positions must be assigned, while establishing the different hierarchical and functional relationships for each of these.

The Control Environment is strengthened to the extent that the members of an entity clearly know their duties and responsibilities. This encourages the use of initiative to confront and solve problems, always acting within the limits of its competence.

There is a new trend of shifting authority to the lower levels, so that decisions remain in the hands of those closest to the operation. A critical issue of this trend is the limit of delegation: you have to delegate as much as necessary, but only to improve the probability of achieving the objectives.

Any delegation of authority contributes to the need for chiefs to review and approve, as appropriate, the work of their subordinates and for both to be held accountable for their responsibilities and tasks.

It also requires that all personnel know and respond to the entity's objectives. It is essential that each member of it knows how their action interrelates and contributes to achieving the general objectives.

To be effective, an increase in the delegation of authority requires a high level of competence in the delegates, as well as a high degree of personal responsibility. In addition, effective management and results monitoring processes must be applied by management.

  • Personnel policies and practices.

The management and treatment of the entity's personnel must be fair and equitable, clearly communicating the expected levels of integrity, ethical behavior and competition.

The procedures for hiring, induction, training and training, qualification, promotion and discipline, must correspond to the purposes stated in the policy.

Personnel is the most valuable asset that any entity possesses and must be treated and conducted in such a way that its highest performance is obtained. Your personal satisfaction in the work you do must be sought, tending to consolidate yourself as a person and enrich yourself humanly and technically.

Management assumes its responsibility in this regard, at different times; selection, by establishing adequate knowledge, experience and integrity requirements for the incorporations to the entity; induction, by caring for new employees to be methodically familiar with the body's customs and procedures; training, by insisting that they be properly trained for the proper performance of their responsibilities; rotation and promotion, by ensuring that organizational mobility works that means the recognition and promotion of the most capable and innovative; sanction, when applying, when appropriate, the disciplinary measures that transmit rigorously that deviations from the planned path will not be tolerated.

  • Control Committee.

A control committee made up of at least one top-level leader and the chief internal auditor must be established in each entity, whenever conditions allow. Its general objective is to monitor the proper functioning of the Internal Control System and its continuous improvement.

The existence of a Committee with such objective, reinforces the Internal Control System and contributes positively to the Control Environment. For its effective performance, it must adequately integrate with members who generate respect for their capacity and comprehensive career, who exhibit an appropriate degree of knowledge and experience that allows them to support the entity's management through their guidance and supervision.

Control Environment Assessment.

Knowledge and conscious acceptance of the written standards (Codes of Conduct) and Ethics established in the entity, which must include issues related to generally accepted business practices, conflicts of interest and expected levels of ethical behavior.

Check that the responses are efficient and forceful in cases of actions that do not comply with the established rules, based on the provisions of current legislation. Verify that corrective measures are communicated so that they are known by the entire entity.

Compliance with the procedures for the selection, training, formation, evaluation and promotion of the necessary human resources in the entity, as well as the content of each job position and activities that are linked to it are clearly and explicitly defined.

Evaluate whether the organizational structure is appropriate to the size of the entity, type of activity and approved objectives, if the lines of responsibility and authority are defined, as well as the channels through which the information flows.

Assess the use of correct management styles at any of the hierarchical levels of the entity, with respect to the internal control procedures implemented. Verify that the control committee works properly and contributes to the continuous improvement of the Internal Control System implemented.

  • Risks evaluation.

Internal control has been designed essentially to limit the risks that affect the activities of the entities. Through the investigation and analysis of the relevant risks and the extent to which the current control neutralizes them, the vulnerability of the system is evaluated. For this, practical knowledge of the entity and its components must be acquired as a way of identifying weak points, focusing on the risks of both the entity (internal and external) and the activity.

It should be remembered that the control objectives must be specific, as well as adequate, complete, reasonable and integrated with the overall objectives of the institution.

Once risks are identified, your analysis should include:

  • An estimate of their importance and significance. An assessment of probability and frequency. A definition of how they will be managed. Changes in the environment. Redefinition of institutional policy. Reorganizations or internal restructuring. Recruitment of new employees or rotation of existing ones. New systems, procedures and technologies. Acceleration of growth. New products, activities or functions.

Rules for risk assessment.

  • Identification of the risk.

The relevant risks that an entity faces in achieving its objectives must be identified, whether they are of internal origin, that is, caused by the entity taking into account the specific activity or its internal characteristics in the operation, as external that are the elements outside the organization that affect, to some extent, the fulfillment of its objectives.

Risk identification is an interactive process, and generally integrated into strategy and planning. In this process it is convenient to "start from scratch", that is, not to rely on the risk scheme identified in previous studies.

Its development must include carrying out a risk analysis, which includes the specification of the key domains or points of the organization, the identification of general and specific objectives and the threats and risks that can be faced.

A domain or key point of the entity can be:

  • A process that is critical to their survival. One or more activities that are responsible for part of important provision of services to citizens. An area that is subject to laws, decrees or regulations of strict compliance, with threats of severe penalties for non-compliance. An area of ​​vital strategic importance for the Government (Example: defense, advanced technological research).

When determining these key activities or processes, strongly linked to the entity's objectives, it should be borne in mind that there may be some of these that are not formally expressed, which should not be an impediment to their consideration. The analysis is related to the criticality of the process or activity and the importance of the objective, regardless of whether it is explicit or implicit.

There are many sources of risk, both internal and external. By way of illustration only, the following may be mentioned:

  • Technological developments that, if not adopted, would lead to obsolescence of the organization, changes in the needs and expectations of the population, changes in legislation and regulations that lead to forced changes in strategy and procedures, changes in the economic and financial scenario that impact in the entity's budget, its sources of financing and its possibility of expansion.

Among the inmates, we can mention:

  • The organizational structure adopted, given the existence of typical inherent risks, both in a centralized model and in a decentralized one; The quality of the incorporated personnel, as well as the methods for their instruction and motivation. The very nature of the entity's activities.

Once the risks at the entity level have been identified, a similar process should be practiced at the program and activity level. Consequently, it will be considered a more limited field, focused on the components of the key areas and objectives identified in the entity's global analysis.

  • Risk estimation.

The frequency with which the identified risks will be presented must be estimated, as well as the probable loss that they may cause.

Once the risks have been identified at the institution and program or activity level, they should be analyzed. The methods used to determine the relative importance of risks can be diverse, and will include as a minimum:

  • An estimate of its frequency, that is, the probability of occurrence. An assessment of the loss that could result.

In general, those risks whose occurrence is estimated as low frequency do not justify major concerns, on the contrary, those that are considered high frequency should deserve preferential attention. Among these extremes are cases that must be carefully analyzed, applying high doses of good judgment and common sense.

There are many risks that are difficult to quantify and, at most, lend themselves to ratings of "large," "moderate," or "small." but it must not yield to the widespread inclination to quickly conceptualize them as "not measured." In many cases, with reasonable effort, a satisfactory measurement can be achieved.

This can be expressed mathematically in the so-called Exposure Equation:

PE = F x V

Where:

PE = Expected Loss or Exposure, expressed in pesos and annually.

F = Frequency, probable times that the risk materializes in the year.

V = Estimated loss for each case in which the risk materializes, expressed in pesos

  • Determination of control objectives.

After identifying, estimating and quantifying the risks, the top management and those responsible for other areas must determine the specific control objectives and, in relation to them, establish the most convenient control procedures.

Once the top management and those responsible for other areas have identified and estimated the level of risk, measures should be taken to deal with it in the most efficient and economic way possible.

The entity's specific control objectives must be established, which will be adequately articulated with its own global and sectoral objectives. Based on the determined control objectives, the measures or safeguards that are considered most effective at the lowest cost will be selected to minimize exposure.

  • Detection of change.

Every entity must have procedures capable of capturing and timely reporting the changes registered or imminent in the internal and external environment, which may conspire against the possibility of achieving its objectives under the desired conditions.

A fundamental stage of the Risk Assessment process is the identification of changes in the environmental conditions in which the entity carries out its action. A control system may cease to be effective by changing the conditions in which it operates.

An information system capable of capturing, processing and transmitting information related to the facts, events, activities and conditions that cause changes to which the entity must react is required.

By way of example, some conditions are listed that should deserve particular attention:

  • Changes in the external context: legislation, regulations, adjustment programs, technology, changes in authorities, etc. Accelerated growth: an entity that grows at a too rapid rate is subject to many internal tensions and external pressures. New lines of products or services: the investment in the production of new goods or services generally cause imbalances in the Internal Control System, which must be reviewed. Reorganizations: generally mean reductions in personnel that cause, if not rationally practiced, alterations in the separation of functions and at the supervisory level. Creation of the information system or its reorganization: it can generate a period of excess or defect in the information issued, causing in both cases the probability of making incorrect decisions.

Risks evaluation.

Check the existence of suitable procedures to anticipate risks, identify them, estimate their importance, evaluate their probability or frequency and react to events or changes (routine or not) that influence the achievement of the planned objectives, both from internal and external sources., as well as at the company level and the most important units or functions (sales, production, finance, human resources, etc.).

At company level

External factors

New technologies, products, services or activities.

Changes in the needs and expectations of the population.

Modification in legislation and regulations.

Changes in the country's economic-financial scenario or in the international context.

Internal factors

Existing organizational structure.

Quality of the incorporated personnel, as well as the methods for their instruction and motivation.

Internal restructuring.

Information systems.

The very nature of the company's activities.

Verify the existence of policies and performance criteria defined by the management and communicated to the corresponding levels within the entity, referring to:

Transaction authorization.

Transaction approval.

Process and registration of operations.

Classification of operations.

Verification and evaluation of the accounting record.

Physical safeguarding of assets.

  • Control Activities.

Control activities are procedures that help ensure that management's policies are carried out, and must be related to the risks that management has determined and assumes.

Control activities are carried out at all levels of the organization and in each of the stages of management, starting from the elaboration of a risk map, knowing the risks, controls intended to avoid or minimize them are provided.

In many cases, control activities designed for one objective often help others as well: operational ones can contribute to those related to the reliability of financial information, these to regulatory compliance, and so on.

In turn, in each category there are different types of control:

  • Preventive and corrective, automated or computer manuals, managerial or executive.

At all levels of the entity there are control responsibilities and it is necessary for the agents to individually know which ones are their responsibility, for this purpose these functions must be clearly explained to them.

The questions set out below show the comprehensiveness of control activities, seeing them in their most general sense, although they do not constitute all of them.

  • Analysis carried out by the management. Follow-up and review by those responsible for the various functions or activities. Verification of the transactions regarding their accuracy, completeness, pertinent authorization: approvals, reviews, comparisons, recalculations, consistency analysis, pre-enumerations. Physical patrimonial controls: tonnage, reconciliations, counts. Security devices to restrict access to assets and records. Segregation of duties. Application of performance indicators.

We consider that this component should include all the regulations in force in the country referring to the Internal Control Subsystems. Below we show a set of minimum activities to include in an Internal Control Procedures Manual to be drawn up in the entities, respecting the general rule that the specific characteristics of the entity must be taken into account.

Control Activities Standards.

  • Separation of tasks and responsibilities.

The essential tasks and responsibilities related to the treatment, authorization, recording and review of transactions and events must be assigned to different people.

The purpose of this standard is to seek a suitable balance of authority and responsibility within the organizational structure.

By preventing the fundamental issues of a transaction or operation from being concentrated in the same person or sector, the risk of errors, waste or illegal acts is noticeably reduced and the probability that they will be detected is increased.

In small entities, it is necessary to establish a balance between this separation of tasks and responsibilities and the benefit that can be obtained from them, without neglecting what it would cost us to divide functions, so it would be necessary to reinforce the activity of supervision and monitoring.

  • Coordination between areas.

Each area or subarea of ​​the entity must operate coordinated and interrelated with the other areas or subareas. In an entity, the decisions and actions of each of the areas that comprise it require coordination. For the result to be effective, it is not enough that the units that compose it achieve their own objectives; rather, they must work together so that those of the entity are reached in the first place.

Coordination improves integration, consistency and responsibility and limits autonomy. Sometimes a unit must sacrifice its effectiveness to some extent to contribute to that of the entity as a whole.

Consequently, it is essential that officials and employees consider the implications and repercussions of their actions in relation to the entity. This involves consultations within and between entities.

  • Documentation.

The internal control structure and all significant transactions and events must be clearly documented, and the documentation must be available for verification.

Every entity must have the documentation referring to its Internal Control System and the pertinent questions of transactions and significant events.

Information on the Internal Control System can be included in its policy formulation and, basically, in the aforementioned manual, it will include data on control objectives, structure and control procedures.

  • Defined levels of authorization.

The relevant acts and transactions can only be authorized and executed by leaders, officials and other workers acting within the scope of their powers.

Authorization is the ideal way to ensure that only acts and transactions are carried out that have the agreement of the management. This conformity supposes its adjustment to the mission, the strategy, the plans, programs and budgets.

The authorization must be explicitly documented and communicated to the authorized persons or sectors. These must execute the tasks assigned to them, in accordance with the guidelines, and within the scope of competence established by the regulations.

  • Timely and adequate registration of transactions and events.

Transactions and events that affect an entity must be recorded immediately and properly classified.

Transactions or events must be recorded, at the time of their materialization or as soon as possible, to guarantee their relevance and usefulness. This is valid for the entire process or cycle of the transaction or event, from its beginning to its conclusion.

Likewise, they must be classified properly so that, once processed, they can be presented in reports and financial statements with reasonable balances, facilitating decision-making for managers and managers.

  • Restricted access to resources, assets and records.

Access to resources, assets, records and vouchers must be protected by security mechanisms and limited to authorized persons, who are required to sign the Accountability Acts to account for their custody and use.

All valuable assets must be assigned to a person in charge of their custody and have adequate protections, through insurance, storage, alarm systems, access passes, etc.

In addition, they must be duly registered, and periodically, physical stocks will be compared with accounting records to verify their coincidence. The frequency of the comparison depends on the vulnerability level of the asset.

These protection mechanisms cost time and money, therefore, in determining the intended level of security, the emerging risks, among others theft, waste, misuse, destruction, must be weighed against the costs that may arise from control.

  • Rotation of staff in key tasks.

No employee should be in charge, for a long time, of the tasks that present a greater probability of committing irregularities. Employees in charge of these tasks must periodically be employed in other functions.

Although the Internal Control System must operate in an environment of ethical solidity, it is necessary to adopt certain protections to avoid events that may lead to acts that are contrary to the body's code of conduct.

In this sense, rotation in the performance of key tasks for security and control is a mechanism of proven effectiveness and often not used by the mistaken concept of the "indispensable man".

  • Control of the information system.

The information system must be controlled in order to guarantee its correct operation and ensure process control of the various types of transactions.

The quality of the decision-making process in an entity rests heavily on its information systems. An information system encompasses quantitative information, for example, performance reports that use indicators, and qualitative information regarding opinions and comments. The system must have security mechanisms that reach the entrances, processes, storage and exits.

The information system must be flexible and subject to rapid changes to meet changing management needs in a dynamic reporting and operating environment. The system helps control all of the entity's activities, record and monitor transactions and events as they occur, and maintain financial data.

Application system control activities are designed to control the processing of transactions within application programs and include associated manual procedures.

  • Control of information technology.

Information technology resources must be controlled in order to guarantee compliance with the information system requirements that the entity needs to achieve its mission.

The information required by the entity's activities is provided through the use of information technology resources, which include: data, application systems, associated technology, facilities and personnel.

The administration of these resources should be carried out through naturally grouped information technology processes, in order to provide the necessary information that enables each worker to fulfill their responsibilities and monitor compliance with policies. In order to ensure compliance with the requirements of the information system, appropriate control activities must be defined, implemented, supervised and evaluated.

Information system security is the control structure to protect the integrity, confidentiality, and availability of data and information technology resources.

The general control activities of information technology apply to the entire information system, including all of its components, from the processing architecture of large computers, mini computers and networks, to the management of processing by the end user. They also cover manual measures and procedures that guarantee the continuous and correct operation of the information system.

  • Indicators of performance.

Every entity must have performance measurement methods that allow the preparation of indicators for its supervision and evaluation.

The information obtained will be used for correcting courses of action and improving performance.

The management of an entity, program, project or activity must know how it is going towards the objectives set to maintain control of the course, that is, to exercise control.

A system of indicators elaborated from the emerging data of a performance measurement mechanism will contribute to the support of decisions.

The indicators should not be so numerous that they become unintelligible or confusing, nor so few that they do not reveal the key issues and the profile of the situation under review.

Each entity must prepare a system of indicators adjusted to its characteristics, that is, size, production process, goods and services it delivers, level of competence of its leaders and other elements that distinguish it. The system can be made up of a combination of quantitative indicators, such as budgeted and qualitative amounts, such as the level of user satisfaction.

Qualitative indicators must be expressed in a way that allows for their objective and reasonable application. For example: an indirect measurement of the degree of user satisfaction can be obtained by the number of complaints.

  • Independent Internal Audit Function.

The entities' internal audit unit must report to their highest authority and their functions and activities must remain detached from the operations subject to their examination.

The internal audit units must provide their services to the entire entity. They constitute a "security mechanism" with which the highest authority has to be informed, with reasonable certainty, about the reliability of the design and operation of its internal control system.

This internal audit unit, depending on the superior authority, can carry out the analyzes, inspections, verifications and tests that it deems necessary in the different sectors of the entity, independently of these, since its functions and activities must remain detached from operations. subject to examination.

Thus, the internal audit monitors, on behalf of the higher authority, the proper functioning of the system, timely informing the latter about its situation. For their part, the mechanisms and procedures of the Internal Control System protect specific operational issues to provide reasonable assurance of success in the effort to achieve the organization's objectives.

Evaluation of the Control Activities component.

Verify that the responsibility to authorize, execute, register and verify a transaction is duly segregated and differentiated (as far as is rationally possible), taking into account the necessary coordination between the different areas of responsibility defined in the entity.

Verify the timely registration and classification of important transactions and events, taking into account the importance, relevance and usefulness that this has for the fair presentation of the balances in the financial statements.

Check the realization of physical and periodic counts of the assets and their reconciliation with the accounting records.

Evaluate the quality and compliance of the rotation plans in the performance of the key tasks of the personnel involved.

Verify that the management carries out periodic and systematic analyzes of the results obtained, comparing them with previous periods, with the approved budgets and plans and other levels of analysis that are useful to them.

Evaluate the use of the system of performance indicators implemented in the entity for the implementation of corrective actions that reduce or eliminate significant deviations.

Assess the operation, use and respect for the results of the Internal Audit.

Verify compliance with information technology controls regarding:

  • Physical security of information equipment. Access controls. Software controls. Controls for data processing operations. Controls on application development and maintenance. Application controls.

Review that the prepared prevention plan has taken into account the diagnosis of internal risks or potential dangers, the analysis of the causes that provoke or propitiate it and the proposed measures to prevent or counteract its occurrence.

Verify that the prevention plan, in each of the actions, defines the execution time or moments, the executors and those responsible for their control.

  • Information and communication.

The relevant information must be captured, processed and transmitted in such a way that it reaches all sectors in a timely manner and allows individual responsibilities to be assumed.

Communication is inherent to information systems. People must know, in time, the issues related to their management and control responsibility. Each function must be clearly specified, understanding as such the issues related to the responsibility of individuals within the Internal Control System.

Reports must be conveyed appropriately through effective communication, including a multidirectional flow of information: bottom-up, top-down, and cross-sectional. The existence of open lines of communication and a clear will to listen, by the leaders, are vital.

In addition to good internal communication, effective external communication that favors the flow of all the necessary information is important and, in both cases, it is important to have effective means, such as policy manuals, reports, institutional dissemination, formal and informal channels, the attitude assumed by management in dealing with their subordinates. An entity with a history based on integrity and a strong culture of control will have no communication difficulties. Action speaks louder than words.

Information and Communication Standards.

  • Information and responsibility.

The information must enable officials and employees to fulfill their obligations and responsibilities. The pertinent data must be identified, captured, registered, structured in information and communicated, in a timely manner.

An entity must have a fluid and timely flow of information regarding internal and external events. For example, you need to be aware of user requirements promptly to provide timely responses or changes in laws and regulations that affect you. Similarly, you must have constant knowledge of the situation of your internal processes.

The risks faced by an entity are reduced to the extent that decision-making is based on relevant, reliable and timely information. The information is relevant to a user, insofar as it refers to issues within his responsibility and that he has sufficient capacity to appreciate its significance.

The supervision of the performance of the entity and its component parts, operates through information processes and demands for formal and informal responsibilities. The culture, size and organizational structure have a significant influence on the type and reliability of these processes.

  • Content and flow of information.

The information must be clear and with a degree of detail adjusted to the level of decision-making. It should refer to both external and internal situations, financial and operational issues.

In the case of the executive and managerial levels, the reports must relate the performance with the objectives and goals set. The information flow must circulate in all directions: ascending, descending, horizontal and transversal.

It is fundamental for the management and control of the entity to have satisfactory information, in time and in the necessary place, and therefore, the design of the information flow and its subsequent adequate operation should be central concerns for those responsible for the entity, for decision making, if nothing would do.

  • Quality of the information.

The information available in the entity must meet the attributes of: appropriate content, timeliness, updating, accuracy and accessibility. This standard raises questions to consider in order to form judgments about the quality of the information that an entity uses and makes its reliability essential.

It is the duty of the highest authority, responsible for internal control, to strive to obtain an adequate degree of compliance with each of the aforementioned attributes.

  • Flexibility to change.

The information system should be reviewed and, if necessary, redesigned when deficiencies in its operation and products are detected. When the entity changes its strategy, mission, policy, objectives, work program, etc., the impact on the information system must be considered and act accordingly.

If the information system is designed based on a strategy and a work program, it is natural that when changing these, it must adapt, taking into account that the information that is no longer relevant continues to flow to the detriment of other information that did become relevant, taking care that the system is not artificially overloaded, a situation that is generated when the information, now necessary, is added, without eliminating the one that lost importance.

  • The information system.

The information system must be designed taking into account the entity's strategy and operations program.

The information system classification is applied, both to the one that covers the financial information of an entity and to the one intended to record other internal processes and operations. Here it is explained in a broader sense because it also includes the treatment of events and events external to the entity, referring to the timely capture and processing of situations regarding: changes in the rules, legal or regulatory, that reach the entity, know the opinion of users on the service provided, their complaints, concerns and emerging needs.

Such information system must be designed to support the entity's strategy, mission, policy and objectives.

The entity needs information that enables it to achieve all categories of objectives: operational, financial and compliance. Each particular piece of data can help achieve one or all of these goal categories.

  • Management commitment.

The interest and commitment of the entity's management with the information systems must be made explicit through the allocation of sufficient resources for their effective operation.

It is essential that the management of an entity have a full understanding of the important role that information systems play, for the proper development of their duties and responsibilities and, in this sense, must show a committed attitude towards them.

  • Communication, organization values ​​and strategies.

For control to be effective, entities need an open, multidirected communication process, capable of transmitting relevant, reliable and timely information.

The communication process is used to convey a variety of topics, but we want to highlight, in this case, the communication of ethical values ​​and the communication of mission, policies and objectives. If all the workers of the entity are imbued with the ethical values ​​that they must respect, the mission to be fulfilled, the objectives pursued and the policies that frame them, the probability of an effective, efficient and economic performance, framed in legality and ethics, increases noticeably.

  • Communication channels.

Communication channels must present a degree of openness and efficiency appropriate to internal and external information needs.

The system is structured in data and information transmission channels. To a large extent the maintenance of the system lies in monitoring the opening and good condition of these channels, which connect different emitters and receivers of varying importance.

Communication with employees, so that they can send their suggestions on improvements or possible changes that provide compliance with tasks and goals.

Information and Communication Assessment.

There are mechanisms to obtain pertinent external information on market conditions, competitor programs, new legislation or control agencies, and economic changes.

Directors and department heads are provided with the information they need to fulfill their responsibilities.

Information is available, in a timely manner, to allow effective control of events and activities, enabling rapid reaction to commercial economic factors and control issues.

A long-term IT plan has been developed, linked to strategic initiatives.

Sufficient resources are provided, as necessary, to improve or develop new information systems.

Communication channels, formal or informal training sessions, meetings and supervision during work, are sufficient to carry out such communication.

There are established mechanisms so that employees can contribute their recommendations.

  • Supervision or Monitoring.

It is the process that evaluates the quality of internal control over time. It is important to monitor internal control to determine if it is operating as expected and if modifications are necessary.

Permanent monitoring activities include supervision activities carried out permanently, directly by the different management structures.

Separate evaluations are monitoring activities that are performed on a non-routine basis, such as periodic audits by internal auditors.

Some of the issues to consider are:

  • Constitution of the integrated control committee, by a top-level leader and the internal auditor, whose objective would be to monitor the proper functioning of the Internal Control System and its continuous improvement. In organizations that justify it, the existence of internal audit units with a sufficient degree of independence and professional qualification.

The objective is to ensure that internal control works properly, through two types of supervision: continuous activities or specific evaluations.

The former are those incorporated into normal or recurring activities that, carried out in real time and rooted in management, generate dynamic responses to surviving circumstances.

Regarding specific evaluations, the following considerations apply:

  • Their scope and frequency are determined by the nature and importance of the changes and risks that these entail, the competence and experience of those who control them, and the results of continued supervision.They are carried out by those responsible for the management areas, the Internal audit included in planning or specially requested by management and external auditors. They constitute a whole process within which, although the approaches and techniques vary, appropriate discipline and unavoidable principles prevail. The evaluator's task is to find out the real functioning of the system: that the controls exist, are formalized, that they are applied daily as a routine incorporated into the habits and that they are suitable for the purposes pursued.They respond to a certain methodology with techniques and tools to measure efficacy directly or through comparison with other proven good control systems. The level of documentation of controls varies according to the size and complexity of the entity. There are informal controls that, although not documented, are applied correctly and are effective, although an adequate level of documentation usually increases the efficiency of the evaluation and is more useful by promoting the understanding of the system by employees. The nature and level of documentation require greater rigor when the strength of the system needs to be demonstrated to third parties.The level of documentation of the controls varies according to the size and complexity of the entity. There are informal controls that, although not documented, are applied correctly and are effective, although an adequate level of documentation usually increases the efficiency of the evaluation and is more useful by promoting the understanding of the system by employees. The nature and level of documentation require greater rigor when the strength of the system needs to be demonstrated to third parties.The level of documentation of the controls varies according to the size and complexity of the entity. There are informal controls that, although not documented, are applied correctly and are effective, although an adequate level of documentation usually increases the efficiency of the evaluation and is more useful by promoting the understanding of the system by employees. The nature and level of documentation require greater rigor when the strength of the system needs to be demonstrated to third parties.The nature and level of documentation require greater rigor when the strength of the system needs to be demonstrated to third parties.The nature and level of documentation require greater rigor when the strength of the system needs to be demonstrated to third parties.

An action plan must be drawn up that covers the scope of the evaluation, the existing continuous supervision activities, the tasks of the internal and external auditors, areas or matters of greatest risk, evaluation program, evaluators, methodology and control tools, presentation of conclusions and supporting documentation, follow-up so that the pertinent corrections are adopted.

Supervision or Monitoring Standards.

  • Evaluation of the internal control system.

The entity's management and any official in charge of an organizational segment, program, project or activity area, must periodically evaluate the effectiveness of its Internal Control System and communicate the results to whoever is responsible.

A periodic analysis of the way in which this system is operating will provide the manager with the peace of mind of proper operation, or the opportunity to correct and strengthen it.

  • Efficiency of the Internal Control System.

The Internal Control System is considered effective to the extent that the authority it supports has reasonable security of information about progress in achieving its objectives and goals and in the use of criteria of economy and efficiency, the reliability and validity of the reports and financial statements, compliance with current legislation and regulations, including the policies and procedures issued by the entity itself, this standard sets the criteria to rate the effectiveness of an Internal Control System, based on the three control matters:

  • Operations, financial information, compliance with laws, decrees, regulations and any type of regulations.

  • Internal Control System Audits.

Audits must be carried out, which will report on the effectiveness and efficiency of the Internal Control System, providing recommendations for its strengthening if appropriate.

In the interrelation game of elements that configure and sustain the Internal Control System, audits play an important role.

These exams, carried out on the basis of generally accepted norms and procedures, allow obtaining a valid technical opinion on the state and operation of an Internal Control System.

The nature, extent and frequency of evaluations of the Internal Control System should vary depending on the level of risk determined and the weight of the importance of control to reduce it.

The audit must follow an objective and systematic method that, reasonably, increases the probability of the formation of a correct judgment.

  • Validation of the assumptions made.

The assumptions that support the objectives of an organization must be periodically validated.

An entity's objectives and the control elements that support its achievement rest on fundamental assumptions about how its environment works.

Assumptions about how the system works are often widely held in an organization, although staff may be unaware of them. Such unconscious assumptions can inhibit the ability to adapt to change, because they lead staff to discard all information that does not fit their concepts. An open dialogue is needed to identify the assumptions. If an organization's assumptions are invalid, control can be ineffective, so periodic revalidation of the organization's assumptions is key to control effectiveness.

  • Treatment of detected deficiencies.

Any deficiency that affects or could affect the effectiveness of the Internal Control System must be reported.

Procedures should be established to determine on what matters, in what form and to whom such information will be presented.

The deficiencies in the functioning of the Internal Control System, given their importance, must be quickly detected and communicated. The term deficiency should be understood broadly, that is, any "condition" within the system that is worthy of attention.

The identification of deficiencies can arise from different sources: internal control itself, supervision and evaluation. Also, through the relationship with third parties, through claims, demands, etc.

Communication of deficiencies should normally follow the path that leads to the immediate superior, but the general orientation should be that they finally reach the authority that can take corrective action. A case that can serve as an example is one in which the detected problem invades the organizational limits; here communication must be directed at a level high enough to ensure appropriate action.

Detected deficiencies that exceed a designated limit in terms of their relevance and impact must be reported.

Evaluation of Supervision and Monitoring.

Management responsible for operations compares production, stocks, sales, or other information gained in the course of its daily activities, with information generated through the systems.

Evaluate to what extent the communications received from third parties corroborate the information generated within the organization or indicate problems.

Periodic comparison of the amounts recorded by the accounting system with tangible assets.

Analyze the entity's response to the recommendations of the internal and external auditors to strengthen internal controls.

Compliance with the entity's code of ethics or conduct and whether essential control activities are regularly carried out are emphasized.

Assess the effectiveness of internal audit activities.

1.6 LIMITATIONS OF INTERNAL CONTROL.

  • The REASONABLE SAFETY conceptIt is related to the explicit recognition of the existence of inherent limitations of the Internal Control. In the performance of the controls, errors can be made as a result of erroneous interpretations of instructions, errors of judgment, carelessness, distraction and fatigue. Separation of duties may be circumvented by collusion between employees, that is, agreeing to harm third parties. The extent of the controls adopted in an organization is also limited by cost considerations, therefore, it is not feasible to establish controls that provide absolute protection from fraud and waste, but establish controls that guarantee reasonable security from the point of view of costs that are inherent in all internal control systems,For example: the opinions on which decisions are based may be wrong, those in charge of establishing controls have to analyze their cost / benefit ratio, etc. Furthermore, controls can be evaded if two or more workers intend to do so. The Administration could also ignore the internal control system.

Conclusions:

  • Internal Control is an extremely important tool to safeguard and protect aspects such as financial, economic, etc. Because its proper use brings with it that entities remain in due order according to what is established by the relevant resolutions in each national territory for entities. The use of Internal Control in entities allows illegalities and corruption to be greatly reduced within of the labor framework, since it forces each element of the organization to be controlled by the relevant person.

Recommendations:

  • We recommend continuing to deepen this comprehensive and abundant topic regarding internal control, in order to bring it to its maximum use in the entities. Take into account the new modifications and established resolutions, both in the territorial and international scope issued by the pertinent institutions., to give internal compliance in each institution.

Bibliography:

  • Audit, first part / sl: sn, sa /. –P 14Braraz, Alfonso. Accounting of Operating Costs. - Havana, 2001. –p 85Cashin, James A. Accounting Theory and Problems I. –Mexico, 1973. –p 25Catacora Carpio, Fernando. Accounting: The Basis for Business Decisions.

- Caracas: Mc Graw - Hill Interamericana, 1998. –p 7

  • Cordovés Capote, Graviel. Internal control and control. Audit Magazine and

Control. 1 (1): 21-28, 2000

  • Estrada Santander, José L. Economic Dictionary. - Havana: Political Editor 1987– p7,158
  • General Accounting Study / sl: sn, sa /. –P 11-12 López López Martha. Internal Control - Cuba, 2003. - p1-38 Accountant's Manual. Mexico, 1943. –p 1633 - 1646Ministry of Audit and Control. Resolution 13/03. - Havana: Ministry of

Audit and Control, 2003

  • Ministry of Finance and Prices. Resolution 297/03: - Havana: Ministry of 3

Finance and Prices, 2003

  • Nuñez López, Aurelio. Internal control. Risk analysis. Audit Magazine and

Control. 3 (5): 1-11, 2002

  • Improvement of the Economic Activity of the MONTH. - Havana: MONTH, 2002.

-p 198-216

  • Basic Principles of Auditing. - 4. ed. - / Arthur W. HalmesWood Fonseca, Guillermo. Control is man. Audit and Control Magazine.

2 (4): 37-45, 2001

Download the original file

Internal control in business management and economics
Administration

Editor's choice

Talent management. Why should someone work at your company?

Talent management. Why should someone work at your company?

Technological management focused on education

Technological management focused on education

Treasury management applied to organizations skeacher case of venezuela

Treasury management applied to organizations skeacher case of venezuela

Total management of business productivity

Total management of business productivity

Management and identification of risk factors

Management and identification of risk factors

Knowledge management within organizations

Knowledge management within organizations

© Copyright en.artbmxmagazine.com, 2024 October | About site | Contacts | Privacy policy.