There are five components of an organization's internal control system.
-
CONTROL ENVIRONMENT: - This is the attitude of the organization's executive management and staff regarding
internal controls. A sound control environment is the foundation for all other components
of internal control, providing discipline and structure. The basic elements of the
control environment include -
- Integrity and ethical values
- Leadership philosophy and operating cycle
- The commitment to competence
- The manner in which management assigns authority and responsibility, organization
and development of its employees
-
RISK ASSESSMENT: - This involves management's identification of areas at most risk and implementation
of controls to detect errors or fraud that potentially result in material misstatements.
Examples include -
- Unrecorded revenue or expense transactions
- Ghost employees on payroll
- Payments to fictitious vendors
- Confirmation of inventory
-
CONTROL ACTIVITIES: - Control activities occur within the internal control system. Internal controls are
developed and implemented to prevent or to mitigate any risks identified. These are
actually the specific policies, procedures and processes that are designed to meet
the business objectives. There are a range of controls, which include -
- Segregation of duties
- Reconciliation
- Physical security of assets
- Electronic data security
-
INFORMATION AND COMMUNICATION: - This area focuses on the systems and reports that help ensure that management directives
to employees are carried out effectively.
-
MONITORING: - This involves assessing the quality and effectiveness of the organization's internal
control over time. Monitoring can be an internal or external activity by management,
employees or outside parties. Monitoring can involve the following -
- Assessing the design and operation of controls
- Assessing the compliance with policies and procedures
- Providing for implementation of corrective action plans