What are Internal Controls?

Internal control is a process put in place to minimize risk, ensure compliance with applicable laws and regulations, and to eliminate fraud and abuse.
what are internal controls featured image ProAdvisor CPA


The COSO Framework is a depiction of one of the most widely recognized and applied risk management frameworks in the world. The COSO model was developed by the Committee of Sponsoring Organizations of the Treadway Commission.

Internal Controls are effectively broken up into five separate components in order to support the organization’s mission, strategies, and business objectives.

  1. Control Environment

  2. Risk Assessment

  3. Existing Control Activities

  4. Monitoring

  5. Information and Communication


1. Control Environment

Sets the overall tone of the organization and is the foundation for all other components of internal control. Includes elements such as:

  • Management’s integrity and ethical values

  • Operating philosophy

  • Organizational structure

  • HR policies and practices


2. Risk Assessment

The identification and analysis of relevant risks to the achievement of objectives.
Areas, where risk may arise, are:

  • Rapid expansion of operations

  • Corporate restructuring

  • Acquisitions

  • Incorporation of new technology


3. Existing Control Activities

Are the policies and procedures that ensure management directives are carried out and risks are addressed?

Control Activities:

  • Pre-numbering documents (your checkbook)

  • Signed approval of transactions

  • Checks and Balances

  • Documentation (paper trail)

  • Physical Controls (security)


4. Monitoring

The process assesses the quality of internal control performance over time.
Monitoring actions:

  • Management: Establish & Maintain Internal Control

  • Evaluation of Internal Control performance

  • Internal Audit to Evaluate & Recommend Improvements

  • Evaluation of Communications


5. Information and Communication

INFORMATION encompasses the accounting system as well as any other methods & records that:

  • Identify and record all valid transactions

  • Describe and allow proper classification

  • Present transactions in financial statements

  • Measure monetary value of transactions

COMMUNICATION involves providing an understanding of individual roles and responsibilities pertaining to internal control and financial reporting. Auditors look for:

  • The methods used to communicate

  • Communications between management and those with governance

  • Communication between management and external parties


Segregation of Duties: Safeguarding Assets, is a form of Internal Controls.

Segregation of Duties is a key part of implemented internal controls over a company’s assets. Segregation of Duties Focuses on two parts:

  1. Checks and Balances, oversight and review to catch errors

  2. Prevent Fraud and Abuse by separating the responsibility of key functions of the transactions of money.

Learn more about segregation of duties by going to our article on – What is “Segregation of Duties”?


COSO Internal Controls- Integrated Framework Principles, © [2013] Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.

This publication is designed to provide information on federal tax and accounting laws and/or regulations. It is presented with the understanding that the author is not rendering legal or accounting services.

This text is not intended to address every situation that arises or provide specific, strategic tax and/or accounting planning advice. This text should not be used solely to answer tax and/or accounting questions and you should consult additional sources of information, as needed, to determine the solution to tax and/or accounting questions.

This text has been prepared with due diligence. However, the possibility of mechanical or human error does exist and the author accepts no responsibility or liability regarding this material and its use. This text is not intended or written by the practitioner to be used and cannot be used by a taxpayer or tax return preparer, for the purpose of avoiding penalties that may be imposed.

Call To Action (Bookkeeping)

Don't forget to share this post!

Related Articles






Copyright 2023 © ProAdvisor CPA
All Rights Reserved

Privacy PolicyTerms and Conditions

ProAdvisor CPA is an active, registered, & licensed Certified Public Accounting firm that abides by the strict regulations of the State Board of Accountancy.