What are Internal Controls?

Purpose:

The COSO Framework is a depiction of one of the most widely recognized and applied risk management frameworks in the world. The COSO model was developed by the Committee of Sponsoring Organizations of the Treadway Commission.

Internal Controls are effectively broken up into five separate components in order to support the organization’s mission, strategies, and business objectives.

1. Control Environment

2. Risk Assessment

3. Existing Control Activities

4. Monitoring

5. Information and Communication

1. Control Environment

Sets the overall tone of the organization and is the foundation for all other components of internal control. Includes elements such as:

• Management’s integrity and ethical values

• Operating philosophy

• Organizational structure

• HR policies and practices

2. Risk Assessment

The identification and analysis of relevant risks to the achievement of objectives.
Areas, where risk may arise, are:

• Rapid expansion of operations

• Corporate restructuring

• Acquisitions

• Incorporation of new technology

3. Existing Control Activities

Are the policies and procedures that ensure management directives are carried out and risks are addressed?

Control Activities:

• Pre-numbering documents (your checkbook)

• Signed approval of transactions

• Checks and Balances

• Documentation (paper trail)

• Physical Controls (security)

4. Monitoring

The process assesses the quality of internal control performance over time.
Monitoring actions:

• Management: Establish & Maintain Internal Control

• Evaluation of Internal Control performance

• Internal Audit to Evaluate & Recommend Improvements

• Evaluation of Communications

5. Information and Communication

INFORMATION encompasses the accounting system as well as any other methods & records that:

• Identify and record all valid transactions

• Describe and allow proper classification

• Present transactions in financial statements

• Measure monetary value of transactions

COMMUNICATION involves providing an understanding of individual roles and responsibilities pertaining to internal control and financial reporting. Auditors look for:

• The methods used to communicate

• Communications between management and those with governance

• Communication between management and external parties

Segregation of Duties: Safeguarding Assets, is a form of Internal Controls.

Segregation of Duties is a key part of implemented internal controls over a company’s assets. Segregation of Duties Focuses on two parts:

1. Checks and Balances, oversight and review to catch errors

2. Prevent Fraud and Abuse by separating the responsibility of key functions of the transactions of money.

Learn more about segregation of duties by going to our article on – What is “Segregation of Duties”?

Source:
COSO Internal Controls- Integrated Framework Principles, © [2013] Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.