Thursday, August 9, 2012

Internal Control Procedures or Activities SPAMSOAP for Risk Management

SPAMSOAP is the mnemonic used to remember control activities or procedures.


Segregation Of Duties

Duties or authorities should be should divided between employees in the way that no one individual or group of individuals have unfettered (unrestricted) control over an activity or transaction.

However, this control can be evaded by collusion (union) between employees. Therefore, it should be reviewed for possibility of collusion between employees in order to commit unethical and illegal act such as fraud.


Physical Control

Asset both tangible and intangible (copyright certificates, software etc.) asset should be safeguarded against misuse, damage, theft etc.


Arithmetical & Accounting

Financial and non-financial information for internal and external reporting purpose should be accurate and complete.

To ensure this, reconciliation (bank reconciliation), re-performance and re-calculation of monetary values for each material source document (invoices, GRN etc) should be done.

Reliability of information should be determined by comparing internal information with external information.



Management should exercise control to ensure that all internal control systems are working in a proper manner and they are followed by employees. It includes establishing information systems to gather relevant information for performance management and internal audit function to enable them to evaluate the effectiveness of internal control system.


It means monitoring and reviewing work of individual employees, functions and organization as whole.

It communicates employees that their performances are being observed, measured and they can be reward or penalised for their good or bad performance.



Communicating and coordinating activities across whole organization.

To accomplish this, role and responsibilities, reporting lines and organizational structure should be formally established and clearly communicated.


Authorization And Approval

It requires permission or signature of person(s) at an appropriate level in the organization.

It ensures that only activities and expenditures that are necessary for the achievement of organizational objectives are made.



Key employees should be retained and underperforming employees should be motivated and trained to achieve standard level of performance.

Clear and formal policies & procedures should be established for rewarding or penalising employees.