Internal control

From Citizendium
Revision as of 14:44, 12 September 2008 by imported>Matti Mattila (Rearrangement of text)
Jump to navigation Jump to search


Internal control is a system for increasing likelihood that a goal-oriented process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior [1].

Concept of internal control was earlier associated primary with financial management, as a precaution for frauds and other irregularities. Nowerdays it is generally agreed that internal control is needed because of the needs of the business itself.

Frameworks

Frameworks, also called models, have emerged to make it easy to examine internal control and to communicate about it. According to these frameworks internal control has objectives derived from business needs: ensuring achievement of expectations as regards operational effectiveness and efficiency, reporting, and compliance with laws, regulations and rules. These objectives are aspired after with elements that can be put in three categories: behavior of employees and management, information needed for control, and various control activities. Examples of the latter are reviews, reconciliations, computer assisted checks, and segration of duties.

Examples of internal control frameworks and models are

  • COBIT: Control Objectives for Information and related Technology (COBIT) by IT Governance Insitute (1996, 1998, 2000)
  • ECAR: ECAR model by Matti Mattila
  • CoCo: Guidance on Control by The Canadian Institute of Chartered Accountants (1995)
  • COSO IC: Internal control - integrated framework by Committee of Sponsorng Organizatons of the Tradway Commission (1992)

References

[1] Matti Mattila: Tehtävänä valvonta (1997)