Internal Control

Internal Control is a process affected by an organization's governing board, management, administration, and personnel and is designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

effectiveness and efficiency of operations;
reliability of financial reporting; and
compliance with applicable laws and regulations.

This definition reflects certain fundamental concepts:

Internal control is a process. It is a means to an end, not an end in itself.
Internal control is affected by people. It involves not only policy manuals and forms, but also people functioning at every level of the organization.
Internal control is geared to the achievement of objectives in several overlapping categories.
Internal control can be expected to provide only reasonable assurance to an organization's leaders regarding achievement of operational, financial reporting, and compliance objectives.^[1]

Internal controls are one of the most essential elements within any organization. Internal controls are put in place to enable organizations to achieve their goals and missions. Management is responsible for the design, implementation, and maintenance of all internal controls, with the Board responsible for the overall oversight of the control environment. Strong internal controls allow for organizations to achieve three main objectives. These three objectives are: accurate and reliable financial reporting, compliance with laws and regulations, and effectiveness and efficiency of the organizations operations. In order to achieve these objectives an internal control framework needs to be applied and followed throughout the organization. The five components of the internal control framework are control environment, risk assessment, control activities, information and communication, and monitoring.^[2]

Components of Internal Control^[3]
The framework of a good internal control system includes:

Control environment: A sound control environment is created by management through communication, attitude and example. This includes a focus on integrity, a commitment to investigating discrepancies, diligence in designing systems and assigning responsibilities.
Risk Assessment: This involves identifying the areas in which the greatest threat or risk of inaccuracies or loss exist. To be most efficient, the greatest risks should receive the greatest amount of effort and level of control. For example, dollar amount or the nature of the transaction (for instance, those that involve cash) might be an indication of the related risk.
Monitoring and Reviewing: The system of internal control should be periodically reviewed by management. By performing a periodic assessment, management assures that internal control activities have not become obsolete or lost due to turnover or other factors. They should also be enhanced to remain sufficient for the current state of risks.
Information and communication: The availability of information and a clear and evident plan for communicating responsibilities and expectations is paramount to a good internal control system.
Control activities: These are the activities that occur within an internal control system.

source: Reliability First

↑ What Does Internal Control Mean? Michigan Tech
↑ What is the Objective of Internal Controls? Cerini & associates
↑ The Framework for Internal Control University of Washington

[1] What Does Internal Control Mean? Michigan Tech

[2] What is the Objective of Internal Controls? Cerini & associates

[3] The Framework for Internal Control University of Washington

[1]

[2]

[3]