The goal: a "reasonable" level of assurance
Internal controls help management have a "reasonable" level of assurance that the organization will be able to achieve its goals. But, you may ask, why not strive for an "absolute" level of assurance?
Answer: Because attaining an absolute level of assurance is not always reasonable, given the following factors:
- It can be cost-prohibitive. There should be an optimal level of controls for an acceptable level of risk.
- Management can bypass or override the internal controls, reducing the assurance they can provide.
- Employees may collude with each other, rendering some controls less effective.
- Human error may occur.
Reasonable assurance can be achieved by effectively balancing risks and controls. Internal controls should be proactive, value-added and cost-effective, and they should make good business sense.
Risks and controls that are out of balance can cause problems such as the following:
|
Excessive Risks |
Excessive Controls |
|
Loss of Assets |
Donors or Grants: Increased Bureaucracy |
|
Poor Business Decisions |
Reduced Productivity |
|
Noncompliance |
Increased Complexity |
|
Increased Regulations |
Increased Cycle Time |
|
Public Scandals |
Increase of Non-value–adding Activities |