Internal control: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Matti Mattila
m (Minor text transfers)
mNo edit summary
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
'''Internal control''' is a system, built within any goal-oriented process, for increasing likelihood that the process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior [1]. The concept of internal control has been strongly associated with financial management.  
{{subpages}}
{{TOC|right}}
'''Internal control''' is a system, built within any goal-oriented process, for increasing likelihood that the process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior<small><sup>1</sup></small>. The concept of internal control has been strongly associated with financial management, especially with the [[Sarbanes-Oxley Act]].  


==Frameworks==
==Frameworks==
Frameworks, also called models, have emerged to make it easy to examine and analyse internal control and to communicate about it. These frameworks describe the purpose and structure of internal control. They identify internal control objectives, which are derived from general business needs. Objectives typically address such things as (1) achievement of expectations as regards operational effectiveness and efficiency, (2) reporting, (3) and compliance with laws, regulations and standards. Control objectives are aspired after using elements that can be put in three categories: (1) behavior of management and other staff, (2) information needed for control, (3) and control arragements. Examples of the latter are reviews, reconciliations, computer assisted checks, and segration of duties.  
Frameworks, also called models, have emerged to make it easy to understand and analyse internal control and to communicate about it. These frameworks describe the purpose and structure of internal control, including control objectives and control elements.  


Examples of internal control frameworks and models are
Control objectives are derived from general business objectives. They can address such things as achievement of expectations as regards operational effectiveness and efficiency; reporting; and compliance with laws, regulations and standards.  
* [http://www.www.isaca.org/cobit COBIT]: Control Objectives for Information and related Technology (COBIT) by IT Governance Insitute (1996, 1998, 2000)
* [http://www.saunalahti.fi/mmla/e01.html ECAR]: ECAR model by Matti Mattila
* CoCo: Guidance on Control by The Canadian Institute of Chartered Accountants (1995)
* [http://www.coso.org COSO IC]: Internal control - integrated framework by Committee of Sponsorng Organizatons of the Tradway Commission (1992)


==Creation of internal control system==
Control elements are the means by which control objectives are aspired after. The elements can be put in three broad categories:
Internal control is created in planning, organizing and directing of a process. Direction gives the objectives which to derive control objectives from. Builders of a process plan how the process should proceed. They identify usual cases of disturbance, and prepare the process for them with controls and other internal control elements. It is impossible to make a process protected against all risks, e.g. against collution by several workers or management override of controls. Thus there are inherently limitations to internal control [2].  
# behavior of management and other staff. This can be affected e.g. with code of ethics; accountability; communication; rewards and sanctions; and example by managers.  
# information needed for control: in particular departures from standards and budgets, and other anomalies, as well as information by systems to prevent errors.
# control arrangements - such as authorization of a transaction, review of work done, reconciliation, computer assisted check, passwords, and segregation of duties.  


==Monotoring and assessing internal control==
==Creation of internal control==
It is board's task, as part of corporate governance, to ensure the integrity of the corporation’s accounting and financial reporting systems and that appropriate systems of control are in place [3]. An organization can hire internal auditors or buy internal audit services for audit of internal control.  Internal control is also assessed and audited by external auditors on areas relevant to their assigment.  
Internal control is created in planning, organizing and directing of a process. Direction gives the objectives which to derive control objectives from. Builders of a process plan how the process should proceed. They identify usual cases of disturbance, and prepare the process for them with controls and other internal control elements. It is not possible to protect process against all risks, e.g. against collusion by several workers or management override of controls. Thus there are inherently limitations to internal control <small><sup>2</sup></small>.
 
==Monitoring and assessing internal control==
It is a task of the board of directors, or other such body or person, as part of corporate governance, to ensure the internal control works as intended. The internal structure of the company shall be reviewed continuously by the board to ensure that there are clear lines of accountability for management throughout the organisation<small><sup>3</sup></small>. An organization can hire internal auditors or buy internal audit services to audit of internal control.  Internal control is also assessed and audited by external auditors on areas relevant to their assignment.


==References==
==References==
[1] Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7
<sup>1</sup> Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7
 
<sup>2</sup> Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7
 
<sup>3</sup> [http://www.oecd.org/dataoecd/32/18/31557724.pdf OECD Principles of Corporate Governance], page 62
 
==See also==
IT Governance Institute: [http://www.isaca.org/cobit Control Objectives for Information and related Technology] (2007)
 
Matti Mattila: [http://www.saunalahti.fi/mmla/e01.html ECAR model] (2007)


[2] Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7
The Canadian Institute of Chartered Accountants: Guidance on Control (1995)


[3] [http://www.oecd.org/dataoecd/32/18/31557724.pdf OECD Principles of Corporate Governance], page 62
The Committee of Sponsoring Organizatons of the Tradway Commission [http://www.coso.org Internal control - integrated framework] (1992)[[Category:Suggestion Bot Tag]]

Latest revision as of 16:01, 1 September 2024

This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Internal control is a system, built within any goal-oriented process, for increasing likelihood that the process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior1. The concept of internal control has been strongly associated with financial management, especially with the Sarbanes-Oxley Act.

Frameworks

Frameworks, also called models, have emerged to make it easy to understand and analyse internal control and to communicate about it. These frameworks describe the purpose and structure of internal control, including control objectives and control elements.

Control objectives are derived from general business objectives. They can address such things as achievement of expectations as regards operational effectiveness and efficiency; reporting; and compliance with laws, regulations and standards.

Control elements are the means by which control objectives are aspired after. The elements can be put in three broad categories:

  1. behavior of management and other staff. This can be affected e.g. with code of ethics; accountability; communication; rewards and sanctions; and example by managers.
  2. information needed for control: in particular departures from standards and budgets, and other anomalies, as well as information by systems to prevent errors.
  3. control arrangements - such as authorization of a transaction, review of work done, reconciliation, computer assisted check, passwords, and segregation of duties.

Creation of internal control

Internal control is created in planning, organizing and directing of a process. Direction gives the objectives which to derive control objectives from. Builders of a process plan how the process should proceed. They identify usual cases of disturbance, and prepare the process for them with controls and other internal control elements. It is not possible to protect process against all risks, e.g. against collusion by several workers or management override of controls. Thus there are inherently limitations to internal control 2.

Monitoring and assessing internal control

It is a task of the board of directors, or other such body or person, as part of corporate governance, to ensure the internal control works as intended. The internal structure of the company shall be reviewed continuously by the board to ensure that there are clear lines of accountability for management throughout the organisation3. An organization can hire internal auditors or buy internal audit services to audit of internal control. Internal control is also assessed and audited by external auditors on areas relevant to their assignment.

References

1 Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7

2 Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7

3 OECD Principles of Corporate Governance, page 62

See also

IT Governance Institute: Control Objectives for Information and related Technology (2007)

Matti Mattila: ECAR model (2007)

The Canadian Institute of Chartered Accountants: Guidance on Control (1995)

The Committee of Sponsoring Organizatons of the Tradway Commission Internal control - integrated framework (1992)