To those of us in the audit profession it seems intuitively obvious what internal controls are and the reason for having them. Unfortunately in many organizations internal auditors spend a great deal of time and effort explaining to others (including management) what constitutes internal controls, who is responsible for establishing controls and who evaluates those controls to determine if they are adequate and working as designed. This page should answer those questions and provide guidance on what can be done to communicate to management, boards and senior executives the concept of internal control.
In plain English, internal controls are like good old common sense practices. In your personal life, you exercise good internal control principles when you:
More formally, internal control is broadly defined as a process, affected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Internal controls are tools that help managers be effective and efficient while avoiding serious problems such as overspending, operational failures, and violations of law. Internal controls are the structure, policies, and procedures put in place to provide reasonable assurance that management meets its objectives and fulfills its responsibilities. Management meets its responsibilities for internal controls when:
Effective internal control begins with written goals and objectives including:
The principles of effective internal control should ensure that: