CHAPTER 1: DEFINITION
Internal Control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: - Effectiveness and efficiency of operations
- Reliability or financial reporting
- Compliance with applicable laws and regulations.
Internal control is:
- A process; Internal control is not one event or circumstance, but a series of actions that permeate an entity’s activities. These actions are pervasive, and are inherent in the way management runs the business. Business processes are managed through the basic management processes of planning, executing and monitoring. They should be “built in” rather than “built on”. “Building in” controls can directly affect an entity’s ability to reach its goals, and supports businesses’ quality initiatives. - People; Internal control is effected by a board of directors, management and other personnel in an entity. Internal control affects people’s actions. These realities affect, and are affected by, internal control. - Reasonable assurance; Internal control, not matter how well designed and operated, can provide only reasonable assurance to management and the board of directors regarding achievement of an entity’s objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems, such as human judgment. - Objectives; Every entity sets out on a mission, establishing objectives it wants to achieve and strategies for achieving them. Objectives fall into three categories: - Operations – relating to effective and efficient use of the entity’s resources - Financial reporting – relating to preparation of reliable published financial statements - Compliance – relating to the entity’s compliance with applicable laws and regulations
Internal control consists of five interrelated components:
- Control environment; The core of any business is people – their individual attributes, including integrity, ethical values and competence – and the environment in which they operate - Risk assessment; The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with the sales, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks. - Control activities; Control policies and procedures must be established and executed to help ensure that the actions identified by management as necessary to address risks to achievement of the entity’s objectives are effectively carried out. - Information and communication; Surrounding these activities are information and communication systems. These enable the entity’s people to capture and exchange the information needed to conduct, manage and control its operations - Monitoring; The entire process must be monitored, and modifications made as necessary. In this way, the system can react dynamically, changing as conditions warrant.
There is a direct relationship between objectives, which are what an entity strives to achieve, and components, which represent what is needed to achieve the objectives. Internal control is relevant to an entire enterprise, or to any of its unit or activities.
Internal control can be judged effective in each of the three categories, respectively, if the board of directors and management have reasonable assurance that: - They understand the extent to which the entity’s operations objectives are being achieved. - Published financial statements are being prepared reliably. - Applicable laws and regulations are being complied with. While internal control is a process, its effectiveness is a state or condition of the process at a point in time.
Although all five...