According to Louwers, Ramsay, Sinason, and Strawser (2007) the five components to internal controls include control environment, risk assessment, control activities, monitoring, and information and communication. Control environment involves the tone of the organization and includes “the integrity, ethical values, and competence of the company's people” (Louwers, Ramsay, Sinason, & Strawser, 2007). Risk assessment involves a thorough assessment which “identify(s) risks, estimate their significance and likelihood, and consider how to manage the risks” (Louwers, Ramsay, Sinason, & Strawser, 2007). Control activities involve specific actions which help ensure that management’s goals and projections are met. Monitoring involves the continuous assessment of internal controls. Information and communication relates to the efficiency and reliability of information and communication regarding how the information is presented and communicated to users.
Internal controls protect the financial information and operations of a business. The development and implementation of these controls are typically the responsibility of the business owners. Internal or external audits may be used to gauge the efficiency of internal controls. This audit generally takes place following a standard process of risk measurement regarding the business operations and financial information. The measurement data is most effectively determined by using an internal control checklist.
Phase One: Understand and Document the Client’s Internal Control
Obtaining an Understanding
Control Environment Evaluation