21
potential and
minimize
the risk of fraud, error, and loss. Hence, it is important to
understand the basic concept of IC, its objectives, the different types of IC that can
be applied by organizations, and the
COSO’s Internal Control-Integrated
Framework, which is applicable to help companies develop good IC systems.
2.4.1 Definition of IC
According
to Arens,
Elder,
and
Beasley
(2003, p.
270),
IC
can
be
identified
as
policies
and procedures designed to provide
management
with reasonable
assurance that the company achieves its objectives and goals. Meanwhile,
Romney and Steinbart (2006, p. 783) acknowledge it as controls within a
business
organization
that ensure
information
is
processed correctly.
Furthermore, CPA Australia (2007, p. 6) recognize IC as methods or procedures
adopted
in
a
business
to safeguard its
assets,
ensure
financial
information
is
accurate
and
reliable,
ensure compliance
with all financial
and
operational
requirements, and generally assist in achieving the business’s objectives.
The IC permeates
a
business operating
activities
and
acts an an
integral
part
of
basic
management
activities,
thus
it
is
referred
as
a
process.
It
implies
reasonable,
rather
than
absolute,
assurance,
given
that complete
assurance
is
extremely difficult and expensive to achieve. In addition, IC systems have
inherent
limitations such
as
their
vulnerability
towards simple
errors and
mistakes,
faulty
judgments
and
decision-making,
management override, or
employees’ conspiracy.
 |