The article deals with one element of the company’s internal control system: the control procedures.
The author improved the pattern of the control procedures by grouping all the procedures according to the parameters of the control object, type and time. Four levels have been distinguished: 1) operative control; 2) supervision; 3) management control; and 4) internal audit procedures. Operative control procedures have decisive influence on the whole internal control system. According to the targets, the procedures of this level are divided into two groups: I) overall and 2) specific control procedures.
Analysis of the works of Lithuanian and foreign scientists led to revised classification of the control procedures. A new category was added to the said control procedures: ensuring satisfactory qualification of the staff, since the achievement of the goals set by the company mainly depends on the staff. Moreover, the “protection of property and records” has been expanded to the “resource protection”.
The general control procedures are divided into four groups: 1) relevant separation of the staff functions; 2) approval of the operations; 3) documentation; 4) resource protection. It has been established that:
• Separation of functions is especially difficult in small companies, since those do not employ sufficient number of persons to enable even allocation of individual control functions. In small and medium enterprises the following should be separated: 1) property protection; 2) approval of operation; 3) accounting. Where an employee is given incompatible functions, his performance should be controlled more strictly.
• Scientific works on audit and control to not give sufficient thought to this problem. Moreover, only traditional property protection means are employed. The article deals with the system of company resource protection. A special emphasis is put on the data protection when using the Internet, since currently a vast majority of computers connected to the Internet in our country are completely unprotected. The paper comes up with the major groups of risks emerging while using the Internet 1) disclosure of confidential information; 2) loss of data; 3) financial losses; 4) network overload; 5) deterioration of the company image. It offers means which are essential for reducing the aforementioned risk types.
• When a company employs insufficiently qualified staff, it faces possible errors which would make a negative effect on the company business, thus control of the staff is essential. The paper points out the control types which are required in this field: 1) relevant monitoring and supervision of the staff activities; 2) Assessment of the staff performance through certification carried out from time to time; 3) staff training.