How to Assess the Strengths & Weaknesses of Internal Company Controls | Bizfluent

How to Assess the Strengths & Weaknesses of Internal Company Controls

How to Assess the Strengths & Weaknesses of Internal Company Controls
Written By
Bert Markgraf
Bert Markgraf
Sep 1, 2013
2 minute read

The internal controls you put in place help ensure that employees carry out the work according to company policies and procedures. Control strengths include simplicity, wide acceptance and effectiveness in making sure the company achieves its objectives. Weaknesses may manifest themselves as inconsistent application, frequent discrepancies and a lack of acceptance by employees. Your assessment of internal company controls has to look for such weaknesses and make corresponding changes using the strong controls as a model.

Duties

An assessment of internal control effectiveness has to evaluate the required separation of duties. A controlled task having several elements must be executed by several different employees. For example, paying a bill involves approving the spending, issuing the check and keeping a record of the transaction. The task of paying the bill has a strong control if three employees are responsible for the three elements, but a weak control if one employee handles the work and reports on it. You can assess the strength of critical controls by checking for the separation of duties.

Reports

Internal controls are strong if management receives reports from different areas of activity and can compare key variables. For example, if you get regular reports from manufacturing that include quantity of items shipped, and from sales with total sales figures, total sales over a period of time have to equal total items shipped. If you receive employee expense reports with gas charged to company credit cards, and reports of company payments, the total amount paid for gas has to equal the total reported by employees. Weak controls are those where variables from reports can't be compared.

Authorization

A consistent structure of authorizations is an element of strong controls. When responsible employees sign off on each stage of a procedure, you can track problems to find out where the problem originated. For example, a new product may require an authorization to proceed with a design, several approvals during the design process, an authorization to send it to manufacturing and an authorization to ship it. If the product has frequent failures in one of the design elements, you can trace the responsibility back through the authorizations and fix the problem to prevent a repetition. A weak system of controls doesn't allow you to trace responsibility.

Advertisement

Security

Access controls, both physical and digital, form an important part of your internal company controls. An assessment has to identify which areas of your facilities, such as data centers and warehouses, must have restricted physical access. You can then evaluate how strong your controls are by looking at the physical barriers to access and the records of who accessed the controlled facilities. Your assessment can apply a similar procedure for digital access, identifying which networked computers and servers should have restricted access and the effectiveness of the controls. A strong control limits access to authorized personnel and records who gained access and the time and date. A weak control doesn't control access and doesn't record the information reliably.

Bert Markgraf

Bert Markgraf is a freelance writer with a strong science and engineering background. He started writing technical papers while working as an engineer in the 1980s. More recently, after starting his own business in IT, he helped organize…

Sponsored
Bizfluent Logo

Bizfluent equips entrepreneurs with the tools and tactics they need to build and grow their small businesses, from starting a first venture to refreshing an established one.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.