Design Principles of Control

07/07/2020 Off By fintralead

Principles of control- Every organization needs some principles of controls to measures as a means to protect assets and ensure that accounting records are reliable. Internal control provides a means of assurance that corporate objectives are being achieved.

Internal control

What’s Internal Control?

A process within an organization designed to provide reasonable assurance regarding the following primary objectives:

  • The reliability and integrity of information
  • Compliance with policies, plans, procedures, laws, and regulations
  • The safeguarding of assets
  • The economical and efficient use of resources
  • The accomplishment of established objectives and goals of operations or programs

Moreover, an effective internal controls framework provides assurance that significant weaknesses in the design or operation of internal processes that could adversely affect the organization’s ability to meet its objectives would be prevented or detected in a timely manner.

However, all internal controls need to be designed with some principles. All controls need to be fulfilled with most of the below-mentioned principles. For instance, in this article, we will see the 10 design principles of control.

10 design principles of control:-

Design principles of control
1. Risk

Furthermore, your risk description associated with the internal control should provide enough information about what could materialize if the control was not performed.

2. Objective

Similarly, there should always be a clear statement of why the control is in place and its purpose.

3. Inputs & Frequency

However, your control description should clearly specify where the inputs come from and what is the frequency for the performance of the control

4. Operation & Predictability

Does the control description document what the control operator actually does at each stage in performing the control and is this documented in such a way that it can be performed the same way each time the control is performed?

5. Activation

Does the control show a last updated date that is comparable to the version history information available for the control?

This shows if the control has changed during the course of the year.

6. Owner & Operator

Does the control have an identified control owner, and does the control description clearly articulate who is to perform the control if this is not the control owner?

7. Tolerance level & Estimations

Wherever applicable, does the control explain the tolerance levels that are set against the control whereby action will or will not be taken?

What is the level of predictability? Is there a need to consider the level of aggregation of the information being controlled?

If the control relies on an estimate or judgment how does the operator assess the assumptions used or judgments made?

8. Exceptions

Does the control explain the criteria for investigation of errors and exceptions and other outliers? This must include details of escalation routes if applicable close out the control loop?

How have differences/deviations been investigated and how has this been documented?

9. Information Source

Does the control as described rely on information from spreadsheets or system-generated reports in its operation?

If the information comes from a Spreadsheet is this on a spreadsheet register and has it been risk assessed?

If the information comes from a system-generated report, have details been captured about the official name of this report and from which system it comes?

10. Eidence

Does the control describe the nature and form of evidence that demonstrates the operator has performed the control and understands the purpose of the control?

How have differences/deviations been investigated and how has this been documented?

Does the control explain where this evidence is stored and how it can be accessed?

Follow me