Internal control

From Citizendium
Revision as of 14:24, 12 September 2008 by imported>Matti Mattila (First version)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Internal control is a system for increasing likelihood that a goal-oriented process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior [1].

History

Concept of internal control was earlier associated primary with finacial management. It consisted of control activities, also called controls, against frauds and other irregularities. Examples of controls are reviews, reconciliations, and segration of duties. Nowerdays it is generally agreed that internal control is most important for the business itself.

Frameworks and models

Frameworks and models have emerged to make it easy to examine internal control and communicate about it. According to them internal control has objectives derived from the business needs: ensuring achievement expectations regarding of operational effectiveness and efficiency, reporting, and compliance with laws, regualations and rules. Achievement of these objectives is supported by elements: behavior of employees and management, information needed in control, and various control activities.

Examples of internal control frameworks and models:

  • COBIT: Control Objectives for Information and related Technology (COBIT) by IT Governance Insitute (1996, 1998, 2000)
  • ECAR: ECAR model by Matti Mattila
  • CoCo: Guidance on Control by The Canadian Institute of Chartered Accountants (1995)
  • COSO IC: Internal control - integrated framework by Committee of Sponsorng Organizatons of the Tradway Commission (1992)

References

[1] Matti Mattila: Tehtävänä valvonta (1997)