Internal control is a process put in place to minimize risk, ensure compliance with applicable laws and regulations, and to eliminate fraud and abuse.
The COSO Framework is a depiction of one of the most widely recognized and applied risk management frameworks in the world. The COSO model was developed by the Committee of Sponsoring Organizations of the Treadway Commission.
Internal Controls are effectively broken up into five separate components in order to support the organization’s mission, strategies and business objectives.
- Control Environment
- Risk Assessment
- Existing Control Activities
- Information and Communication
1. Control Environment
Sets the overall tone of the organization and is the foundation for all other components of internal control. Includes elements such as:
- Management’s integrity and ethical values
- Operating philosophy
- Organizational structure
- HR policies and practices
2. Risk Assessment
The identification and analysis of relevant risks to achievement of objectives.
Areas where risk may arise are:
- Rapid expansion of operations
- Corporate restructuring
- Incorporation of new technology
3. Existing Control Activities
Are the policies and procedures that ensure management directives are carried out and risks are addressed.
- Pre-numbering documents (your checkbook)
- Signed approval of transactions
- Checks and Balances
- Documentation (paper trail)
- Physical Controls (security)
The process that assesses the quality of internal control performance over time.
- Management: Establish & Maintain Internal Control
- Evaluation of Internal Control performance
- Internal Audit to Evaluate & Recommend Improvements
- Evaluation of Communications
5. Information and Communication
INFORMATION encompasses the accounting system as well as any other methods & records that:
- Identify and record all valid transactions
- Describe and allow proper classification
- Present transactions in financial statements
- Measure monetary value of transactions
COMMUNICATION involves providing an understanding of individual roles and responsibilities pertaining to internal control and financial reporting. Auditors look for:
- The methods used to communicate
- Communications between management and those with governance
- Communication between management and external parties
Segregation of Duties: Safeguarding Assets, is a form of Internal Controls.
Segregation of Duties is a key part of implemented internal controls over a company’s assets. Segregation of Duties Focuses on two parts:
- Checks and Balances, oversight and review to catch errors
- Prevent Fraud and Abuse by separating the responsibility of key functions of the transactions of money.
Learn more about segregation of duties by going to our article on – What is “Segregation of Duties”?
COSO Internal Controls- Integrated Framework Principles, ©  Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.
This publication is designed to provide information of federal tax and accounting laws and/or regulations. It is presented with the understanding that the author is not rendering legal or accounting services.
This text is not intended to address every situation that arises or provide specific, strategic tax and/or accounting planning advice. This text should not be used solely to answer tax and/or accounting questions and you should consult additional sources of information, as needed, to determine the solution to tax and/or accounting questions.
This text has been prepared with due diligence. However, the possibility of mechanical or human error does exist and the author accepts no responsibility or liability regarding this material and its use. This text is not intended or written by the practitioner to be used and cannot be used by a taxpayer or tax return preparer, for the purpose of avoiding penalties that may be imposed.