Our working definition of internal control describes it in the broad sense of both selecting the ends to be attained (control goals) and specifying the means to ensure that the goals are attained (control plans). Control also extends to the processes of reviewing a system periodically to ensure that the goals of the system are being achieved, and to taking remedial action (if necessary) to correct any deficiencies in the system (i.e., monitoring). Control is concerned with discovering courses of action that contribute to the general welfare of the business organization and with ensuring that the implementation of these actions produces the desired effects.
What are the three generic control goals of the operations process and the five generic control goals of the related information process?
Control goals are business process objectives that an internal control system is designed to achieve. Table 8.1 provides an overview of the generic control goals of the operations process and of the information process. To illustrate our discussion we use a cash receipts process, similar to the Causeway system depicted in Figure 2.14.
|Control goals of the operations process|
|Ensure effectiveness of operations by achieving the following operations process goals: (itemize the specific goals for the process being analyzed)||Effectiveness: A measure of success in meeting one or more goals||Did we achieve our goal? If my goal was to get an A in the course, did I get an A?|
|Operations process goals: Criteria used to judge the effectiveness of an operations process||If our goal is to deposit cash receipts on the day received, we are effective if cash receipts are deposited on the day received.|
|Ensure efficient employment of resources||Efficiency: A measure of the productivity of the resources applied to achieve a set of goals||What is the cost of the people, computers, and other resources needed to deposit all cash on the day received? Could it be accomplished at a lower cost?|
|Ensure security of resources (specify the applicable operations process and information process resources)||Security of resources: Protecting an organization’s resources from loss, destruction, disclosure, copying, sale, or other misuse||Are the physical (e.g., cash) and nonphysical (e.g., information) resources available when required? Are they put to unauthorized use?|
|Control goals of the information process|
|Ensure input validity (IV)||Input validity: A control goal that requires that input data be appropriately approved and represent actual economic events and objects||Are all of the cash receipts to be input into our computer supported by actual customer payments?|
|Ensure input completeness (IC)||Input completeness: A control goal that requires that every valid event or object be captured and entered into a system||Are all valid customer payments captured on a remittance advice (RA) and entered into our computer?|
|Ensure input accuracy (IA)||Input accuracy: A control goal that requires that events be correctly captured and entered into a system||Is the correct payment amount and customer number transcribed onto the RA? Is the correct payment amount and customer number keyed into our computer? Is the customer number missing from the RA?|
|Ensure update completeness||Update completeness: A control goal that requires that all events entered into a computer are reflected in their respective master data||Have all input cash receipts been recorded in our accounts receivable master data?|
|Ensure update accuracy||Update accuracy: A control goal that requires that data entered into a computer are reflected correctly in their respective master data||Are all input cash receipts correctly recorded in our accounts receivable master data?|