Networking: A Beginner's Guide
An AP operator cannot release checks to vendors that have a "hold" status on
Uninvoiced receipts are reconciled every month.
Only authorized AP operators can access the AP functions in the accounting
The complexity of the business and the analysis by the people implementing the
internal control system will determine how many control objectives are put in place
for each process area. Even for a small public company, there may be 20 to 50 control
objectives for each business process. For a large enterprise, many more controls might
be in place.
Internal controls affect nearly every area of a business. Effective internal controls are
the responsibility of the managers of each process area ("process owners"), not the accounting or
internal audit department. A company's CEO and CFO are ultimately responsible for the adequacy
of the systems.
Key Procedures for an IT Internal Control System
An IT department's internal control system should minimally consist of various
controls that support, either directly or indirectly, the controls of the areas involved in
financial reporting. Accordingly, once the control objectives are known for the other
areas of the business, the IT department can, with the assistance of the accounting or
internal audit function, design these supporting controls. An IT department can also
implement internal controls that help the IT department to function more effectively,
and these can be included in the IT department's system of internal controls.
IT Department Narrative
One of the first documents that an IT department should write is a narrative that
overviews the IT department's operations. This document is updated periodically,
and it is used by the external and internal auditors to quickly understand the overall
structure and operations of the IT department.
The narrative should contain enough information to allow the readers to quickly
familiarize themselves with the IT department and to understand its overall system of
controls. Suggested contents include the following:
IT organization chart, including a breakdown of key responsibilities of the
How duties are segregated