Skip to main content
Internal Auditor


Isaac Williams

925-682-8000 ext. 4206

district logo

About Internal Controls

Internal controls are an important part of any business as well as a district. An internal control system includes policies and procedures that management designs and implements to provide reasonable assurance that its objectives will be met. Such objectives include safeguarding district assets, promoting efficiency and providing reliable financial information and records.

Internal control systems are based on the principle of separation of duties. This separation makes it more difficult for theft or undetected errors. No one person should be in a position to control a transaction from initiation to completion and recording into the books.  Internal controls can be preventive, detective or corrective in nature:

Preventive controls are designed to discourage or pre-empt errors or irregularities from occurring. They are more cost-effective than detective controls. Credit checks, job descriptions, required authorization signatures, data entry checks and physical control over assets to prevent their improper use are all examples of preventive controls.

Detective controls are designed to search for and identify errors after they have occurred. They are more expensive than preventive controls, but still essential since they measure the effectiveness of preventive controls and are the only way to effectively control certain types of errors. Account reviews and reconciliations, observations of payroll distribution, periodic physical inventory counts, passwords, transaction edits and internal auditors are all examples of detective controls.

Corrective controls are designed to prevent the recurrence of errors. They begin when improper outcomes occur and are detected and focus the "spotlight" on the problem until management can solve the problem or correct the defect. Quality circle teams and budget variance reports are examples of corrective controls. You can evaluate controls in your department's operations by following the same process.


Control activities are those specific policies and procedures that help ensure management directives are implemented. They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel. This is not an all-inclusive list, but represent some examples of common control activities:

  • Segregation of Duties - Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For instance, responsibilities for authorizing transactions, recording them, and handling the related asset are divided.
  • Physical Controls - Equipment, inventories, securities, cash and other assets are secured physically, and periodically counted and compared with amounts shown on control records. Access is restricted to those with authority to handle them.
  • Reconciliations - Comparisons are made between similar records maintained by different persons to verify transaction details.
  • Policies and Procedures - Established policies, procedures and even job descriptions provide guidance and training to ensure consistent performance at a required level of quality.
  • Transaction and Activity Reviews - Managers running functions or activities review performance reports. They may relate different sets of data - operating or financial - to one another, together with analyses of the relationships.
  • Information Processing Controls - A variety of controls are performed to check accuracy, completeness and authorization of transactions. Data entered are subject to edit checks or matching to approved control files. Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.


Recommendations for Developing an Internal Control System
  1. Designate the cash handling responsibilities to specific individual(s)
  2. Do not allow the person responsible for bookkeeping to handle cash. There must be segregation of duties.
  3. Use pre-numbered receipts for all cash collections.
  4. Carefully review all bank deposits before making the deposit.
  5. Promptly make deposits intact (no money held back for expenses)
  6. Secure cash in a safe, or cash register.
  7. If a cash register is used, establish policies for overages and shortages.
  8. Make all payments by checks except for small amounts to be paid by petty cash. Petty cash should be maintained on the impress method, requiring documentation to support all inflows and outflows of cash.
  9. Use proper documentation to support all disbursements.
  10. Keep all cash-related documents secured when not in use.
  11. Whenever possible, use outside documentation to compare against your records.
  12. Make a visible indication of reviews on documents reviewed. The control system should never exist on only paper, and employees should see evidence of its application.
  13. Set up the control system early to prevent problems, rather than as a reaction to loss.
  14. Provide the internal control system with ways to identify the source of errors to direct remedial errors.