Internal control is an integral part of an organization’s governance system and ability to manage risk, which is understood, effected, and actively monitored by the governing body, management, and other personnel to take advantage of the opportunities and to counter the threats to achieving the organization’s objectives (IFAC 2012).
Arad & Philee (2013) define internal control as “the integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its objectives and mission”. “Internal control is focused on achievement of the organization's mission. Therefore, it is vital that an organization have a clearly stated mission that is known and understood by everyone in the organization. Therefore, goals and objectives are much less likely to be met if internal control is poor” (Philee, 2009). Internal control is a crucial aspect of an organization’s governance system and ability to manage risk, and is fundamental to supporting the achievement of an organization’s objectives and creating, enhancing, and protecting stakeholder value. High-profile organizational failures typically lead to the imposition of additional rules and requirements, as well as to subsequent time-consuming and costly compliance efforts. However, this obscures the fact that the right kind of internal controls enabling an organization to capitalize on opportunities while offsetting the threats can actually save time and money, and promote the creation and preservation of value. (Philee 2009, IFAC 2012) According to IFAC (2012) Internal control is defined as a process, instituted by an entity's board of directors, management and other personnel, designed to provide reasonable assurance that the following objectives are being achieved: 1. Effectiveness and efficiency of operations
2. Reliability of financial reporting