Definition of Internal Control System

control system is a policy and procedure that protects assets from misuse. The internal control system can be used more effectively to prevent embezzlement or irregularities. In a company, internal control is very much needed considering the factors that cover the broad and very complex corporate entities. This results in management relying on reports and analyses to operate internal control effectively.

Fгοm thе dеfіnіtіοn οf сοntгοl, thеге аге thе fοllοwіng Ьаѕіс сοnсеρtѕ:

  1. Internal control is a process. 
  2. People run internal control.
  3. Internal control is expected to provide reasonable assurance, not absolute assurance, to the entity’s management and board of commissioners.
  4. Internal control aims to achieve interrelated objectives, financial reporting, compliance, and operations
control system

The objective of Internal Control

           The purpose of internal control is to provide reasonable assurance about the achievement of three classes of objectives:

  1. Reliability of financial information
  2. Compliance with applicable laws and regulations
  3. Effectiveness and efficiency of operation

Limitations of an Entity’s Internal Control

           Inherent limitations inherent in any internal control are as follows:

  1. Mistakes in judgment often, management and other personnel can err in considering business decisions or carrying out routine tasks due to inadequate information, time constraints, or other pressures.
  2. Disturbance personnel misunderstands orders or makes mistakes due to negligence, inattention or fatigue, temporary changes in personnel, or system and procedures.
  3. Collusion is the joint action of several individuals for criminal purposes that can result in the breach of internal controls built for the entity’s assets and not revealing irregularities or not detecting fraud by designed internal control.
  4. Management waivers, management may ignore established policies or procedures for illegitimate purposes such as the manager’s gain, financial overstatement, or pseudo-compliance.
  5. Cost versus benefit, the cost required to operate internal control should not exceed the benefits expected from the internal control.

Various factors make up the control environment within an entity:

  1. Values of integrity and ethics
  2. Commitment to competition
  3. Тhе bоагd оf соmmіѕѕіоnегѕ аnd thе аudіt соmmіttее
  4. Operating philosophy and style 
  5. Organizational structure
  6. Division of authority and assignment of responsibilities
  7. Human resource policies and practices

Risk Assessment

           Risk assessment for financial reporting is the identification, analysis, and management of entity risks related to preparing financial statements per generally accepted accounting principles. Management risk assessment for financial reporting purposes is an assessment of the risks embodied in specific assertions in the financial statements and the design and implementation of control activities aimed at reducing those risks to a minimum, considering the costs and benefits.

control risk
control risk
They are five types of risk assessment:
  1. Qualitative Risk Assessment
  2. Quantitative Risk Assessment
  3. Generic Risk Assessment
  4. Site-Specific Risk Assessment
  5. Dynamic Risk Assessment

The risk assessment process consists of four parts: hazard identification, hazard characterization, exposure assessment, and risk characterization. Hazard identification aims to determine the qualitative nature of the adverse effects of a contaminant (genotoxicity, carcinogenicity, neurotoxicity, etc.).


Internal control system and the performance of Agricultural small, medium enterprises in Eastern Uganda. A case of Mbale District.

Internal control system and the performance of Agricultural small medium enterprises in Eastern Uganda. A case of Mbale District.


  1. I agree with your point of view, your article has given me a lot of help and benefited me a lot. Thanks. Hope you continue to write such excellent articles.

Leave a Reply

Your email address will not be published.