Limitations of Internal Controls - Online Tutor, Practice Problems & Exam Prep

Topic summary

Created using AI

Internal controls are essential for preventing and detecting fraud, but they have limitations. Human error, collusion among employees, executive overrides, and the size of the business can compromise their effectiveness. While internal controls provide reasonable assurance over asset safeguarding and financial information reliability, they cannot guarantee fraud prevention. Businesses must weigh the cost of implementing additional controls against the trustworthiness of their employees, especially in smaller organizations. Understanding these factors is crucial for effective management accounting and maintaining financial integrity.

Unlike your professor, Internal Controls are not perfect.

concept

Limitations of Internal Controls

Video duration:

Video transcript

So, internal controls, the system in place to help us prevent or detect fraud in our company, are not perfect. Let's discuss some of the limitations of our internal controls. They're not going to be perfect. What are some reasons that internal controls could fail and result in fraud? First, the human element is involved. Employees aren't perfect. They could make mistakes, they could be careless, or even indifferent towards your internal control procedures. You might have all these great internal controls in place, but then they might think, 'Yeah, whatever, they were supposed to sign these documents, but it doesn’t really matter.' So, those internal controls could fail because the employees might not care, and you really have to emphasize to them, 'Hey, it's really important that you sign these documents or whatever that kind of seemingly meaningless step to the employee could be very important to the company.'

The next reason internal controls could fail is collusion. Collusion is when employees work together to commit fraud. And this goes with the separation of duties. Remember when we talked about separation of duties? When they collude together, maybe we separated these duties to prevent fraud, but then they work together. All those employees that were supposed to do different tasks work together to steal from the company, and there's nothing really you could do about that other than hire employees that aren't going to do that.

Next is an executive override. Usually, lower-level employees need to get verified; they need to ask, 'Is this okay? Can we get this expense?' But consider the executives, the CFO of the company; there's not really anyone that they have to ask to write a check. So a top-level employee generally does the final verification, a CFO. Therefore, the CFO can just authorize his own transactions. Maybe buy a jet ski on the company's dollar, and there's nobody really to authorize his transactions. He is the authorizer.

Lastly, we have the size of the business. Sometimes, in a small business, it's going to be tough. They might not have enough employees to separate duties. What if you only have three or four employees at your company? It might be really tough to do separation of duties in those cases. So you ought to think about the cost versus the benefit. The cost, in that case, would be actually hiring extra employees just for the sake of internal controls for the benefit of having this fraud prevention. So, you know, you have to weigh that out. Is it worth having this extra cost when maybe we have trustworthy employees? It's a tough call in those small businesses.

For these reasons, what we say is that internal controls provide reasonable assurance. Notice this kind of legal terminology they're using: Reasonable assurance. They're not saying, 'We have internal controls in place, so there is no fraud.' We can't say that. We say, 'There are internal controls in place, so we're pretty sure, we're reasonably assured that there's no fraud happening.' That's the kind of legal recourse that you have: reasonable assurance. So, overall, what do we have reasonable assurance over? Well, it's over the safeguarding of assets, ensuring that what we say we have is actually there, and the reliability of financial information. We feel pretty good that the assets are there and that our financial information is reliable too. So, that's what internal controls do.

Alright, let's go ahead and move on to the next video.

Here’s what students ask on this topic:

What are the limitations of internal controls in preventing fraud?

Internal controls are not foolproof in preventing fraud due to several limitations. First, the human element is involved, meaning employees can make mistakes, be careless, or indifferent towards internal control procedures. Second, collusion among employees can bypass controls designed to prevent fraud. Third, executive overrides allow top-level employees to authorize their own transactions without additional verification. Lastly, the size of the business can impact the effectiveness of internal controls, especially in small businesses where separating duties may not be feasible. These factors mean that internal controls provide reasonable assurance but cannot guarantee complete fraud prevention.

Created using AI

How does human error affect the effectiveness of internal controls?

Human error significantly affects the effectiveness of internal controls. Employees can make unintentional mistakes, be careless, or show indifference towards following control procedures. For example, an employee might forget to sign a document or overlook a critical step in a process, thereby compromising the control system. This human element introduces variability and unpredictability, making it difficult to ensure that all controls are consistently and correctly applied. Therefore, while internal controls are designed to mitigate risks, they cannot entirely eliminate the possibility of human error.

Created using AI

What is collusion, and how does it undermine internal controls?

Collusion occurs when two or more employees work together to commit fraud, thereby undermining internal controls. Even if duties are separated to prevent fraud, colluding employees can bypass these controls by coordinating their actions. For instance, one employee might approve a fraudulent transaction while another processes it, effectively nullifying the separation of duties. Collusion is particularly challenging to detect and prevent because it involves multiple individuals conspiring to deceive the control system, making it a significant limitation of internal controls.

Created using AI

Why is executive override a limitation of internal controls?

Executive override is a limitation of internal controls because top-level executives, such as CFOs, often have the authority to approve their own transactions without additional verification. This lack of oversight allows them to bypass established controls, potentially leading to fraudulent activities. For example, an executive could authorize a personal expense as a business expense without anyone questioning it. This ability to override controls at the highest level of the organization poses a significant risk to the integrity of the internal control system.

Created using AI

How does the size of a business impact the effectiveness of internal controls?

The size of a business can significantly impact the effectiveness of internal controls. In smaller businesses, there may not be enough employees to adequately separate duties, making it easier for fraud to occur. For instance, a small business with only a few employees might find it challenging to implement effective segregation of duties, as one person might handle multiple roles. This limitation forces small businesses to weigh the cost of hiring additional staff for internal controls against the potential benefits of fraud prevention, making it a complex decision.

Created using AI