Provide yourself with essential knowledge

Importance of Internal Control in Audits of Small and Medium Entities


Importance of Internal Control in Audits of Small and Medium Entities (SMEs)


Internal control is closely linked to the organization and administration of business entities, whatever their size or condition.  In this sense, the organization consists of logically and coherently diagramming the transactional flows of the entity, based on the general layout, objectives and control parameters that will shape the structure of the company and on which the other component parts will depend (materials and humans). The administration endeavors to manage the reality of daily events, through the management, supervision and control of all the operations within the entity in an effort to meet the pre-established objectives in the creation of the company. The control is the set of policies and procedures used to determine the veracity normality and consistency of statements, and of the acts performed directly by executives or other employees of the entity. These include automatic controls contained in information processing systems.

Other definitions indicate that internal control is:

1.  The administrative function that consists of ensuring the measurement and correction of efficiency towards the objectives set; 

2.  The set of activities that are undertaken to measure and examine the results obtained in any specified period, to evaluate them and to decide the corrective measures that are necessary, objective improvements and successful strategies. 

 Consequently, internal control in an entity is the set of procedures or actions established by the administration to maintain an activity within the predefined limits of operation.  From the point of view of auditing standards, the administration is responsible for the design, implementation and maintenance of an internal control relevant to the preparation and fair presentation of financial statements that are exempt from significant misstatements, whether due to fraud or error.

 Internal control is part of a normal and recurrent audit of a company, large or small. Generally, in large entities with high volumes of transactions and information there is an internal control department, a permanent audit department on payroll, or accounting, expediting and similar personnel in charge of verifying key indices and, based on these reviews, effect more efficient balance and control within their operations.

 If the situation of SMEs is different due to lack of resources because they are entities with few employees or documentation, or because the owners do not see the importance of internal control due to focusing on increased revenues and decreased expenses to improve their bottom line.  For these reasons, owners of small entities see the subject of accounting records as a necessary evil and often outsource such services to reduce costs, with the consequence that controls on operations are reduced or negligible.  Such actions are undertaken with the risk that the information issued to external users about the finances and conduct of the entity is inadequate and can create misleading results.

We can demonstrate, as external auditors, how useful it is for employers to maintain adequate contemporaneous control over operations.  When performing our work as external auditors we make viable recommendations that avoid the payment of tax, labor, fines or other forms of financial overhead including audits or recurrent employee problems and, above all, adopt adequate safeguards of assets.  The SME entrepreneurs’ concept then changes to make the external audit an indispensable ally for the control of their operations and improvement of their contribution margins.  Good Internal control recommendations are most valued by clients and key to generating new consultancies.

Internal control has become a fundamental component required for the existence, survival and growth of any business organization.  Its concept revolves around the basic objectives of efficiency and security in the use and protection of the entity’s assets.

A letter to the administration communicating observed control deficiencies and containing our recommendations based thereon is relevant for every company audit. Most assuredly for SMEs as well, since they help to improve operational efficiency and promote greater effectiveness of controls within the limited available options. They have the resources and data that increase client confidence in the audit team to ensure success beyond mere solvency, without the auditor losing the independence necessary to achieve the obvious goal of objectivity.

 Our experience with SMEs has confirmed what we claim of a thriving client base.  That is the best marketing in a complicated region, where 90% of target clients are SMEs.

 Marcela Cid, Partner Auren Chile