Internal controls are important to your organization. However, they do not ensure that all control objectives of your organization can be achieved as they have certain limitations that may reduce their effectiveness and advantages to the business. This is especially obvious when the controls are performed manually. Today we are going to discuss the limitations of internal control and how it will affect your organization. Segregation of duties is effective when the employees involved performed their roles properly. However, it can be compromised when the employees decided to work with each other to override the system. For example, instead of reviewing the employee who raises purchase requisition, the reviewer
colludes with that employee to raise purchase requisitions for their personal gains. This kind of fraudulent activity will be hard to discover since the control has been circumvented and undermined. These unnecessary purchases will cause the business to lose money and affect the profitability of the business. Lack of segregation of dutiesEmployees can collude when there is a segregation of duties, but things can get a lot worse when there is no segregation of duties in place for an internal control system. The limitation is that one employee can easily influence the entire operation, resulting in an undesirable outcome if the employee has malicious intent. Subject to human errorFor manual controls, the greatest limitation would be human error. The employee in charge could either not know how to perform the control, forget to perform the control, or make an error when carrying out the control. This may be due to several factors, such as the employees are not properly trained or is not responsible enough to perform the control. They may also lack the experience in performing the control properly. This will cause the control to be fully compromised, and your organization might be exposed to unnecessary risk under this kind of circumstances. Insufficient training or lack of communicationThis happens when the purpose of the control is not communicated properly to the employees or that the employees are not well-trained in the first place to perform the control. The employee may not understand how the internal control will affect the business as a whole and neglects it for their own ease of working. A control will lose its effectiveness when the employees cannot follow through and perform it per the internal policy. This will, again, expose your organization to risks that could have been largely reduced had the control been carried out properly. Subject to incorrect judgementAnother limitation is that internal control, which is thought to be sufficient in reducing the business risk in your organization, is actually not effective enough to handle such risk. Designing the right control for a business risk requires a lot of judgment and relevant experience. An internal control suitable for another business may not always be suitable for your organization as no two businesses are the same due to their business nature and organizational cultures. Therefore, your organization should misspend the effort to identify the risk and control by performing risk assessments and periodically evaluating the current internal control system. Subject to system errorThere is a limitation even when the internal control system is fully automated. The internal control system might break down suddenly or be subject to hackers’ attacks. This might result in losing important business information and a potential loss in customers’ trust in more serious cases. Therefore, your organization must ensure its automated controls are well-protected and monitored for potential errors and attacks. Subject to the occurrence of unforeseen circumstancesThere is a misconception that internal controls provide reasonable assurance. However, that is not true. They can help your organization in terms of avoiding, identifying, and remediating errors and frauds. However, it is almost impossible for the controls to work all the time. One of the factors is that there are always certain circumstances or risks that the management cannot predict. Therefore, there will not be any control in place to prevent or detect such risks. These circumstances could either arise from internal sources or external sources. As a result, the internal controls may be rendered completely useless when such circumstances happen unpredictably and require the management to act spontaneously to resolve them. Subject to management overrideWhen there is personal gain from not performing a control, a person in the management team with the authority to override an internal control may be tempted to do so. This is what we know as management override. This individual has the authority to bypass the control, and this will cause a breakdown in control and emphasis the risk that the control is meant to mitigate. Affected by the organisation sizeInternal controls may not even be implemented in smaller businesses since the business owners are often heavily involved in the daily operations. Not just that, for smaller organizations, the cost of fully implementing internal controls and having proper segregation of duties can outweigh the benefits of having these controls. After considering all the costs and benefits, these businesses may decide not to implement such controls. Can become obsoleteIf it is not updated according to the changes in business nature and the organizational culture, the controls may become obsolete. This may reduce their efficiency in mitigating risks and preventing problems. Requires periodic reassessmentTo prevent the controls from becoming obsolete, frequent follow-up procedures and periodic reassessment are required to ensure they keep working the way they are intended to. This can be costly and time-consuming. ConclusionInternal controls are procedures set up by an organization to protect its assets and manage risks. The internal controls to implement vary from one organization to another, and they have certain limitations that may undermine their effectiveness. Having a good understanding of these limitations is very useful for your organization. What are two possible limitations to internal controls?What Are the 12 Limitations of Internal Controls?. Manual Processes/Human Error. ... . Lack of Accurate Data. ... . Too Many Controls. ... . Inconsistent Controls. ... . Insufficient Resources. ... . Siloed Approach. ... . Cannot Achieve 100% Control. ... . Collusion/Fraud.. What are the limitations of internal audit?Some of the limitations of the internal control system in auditing are: High Cost: The expense of setting up and working an Internal Audit in an association is extravagant. Unsatisfactory for a Small Organization: Internal Audit is not reasonable for small associations because of the inclusion of significant expenses.
What are the limitations of internal control quizlet?Terms in this set (5). misunderstanding of instructions.. mistakes of judgment.. carelessness.. distraction.. fatigue.. What are the types of internal control narrate the limitations of internal control system?There are three main categories of internal controls: preventative, detective and corrective. Internal controls are characteristically summed up as a series of policies and procedures or technical protections that are put in place to prevent problems and protect the assets of a business organization.
|
