Internal control

From Citizendium
Revision as of 01:38, 13 September 2008 by imported>Matti Mattila (Furher editing of article started yesterday)
Jump to navigation Jump to search

Internal control is a system, built within any goal-oriented process, for increasing likelihood that the process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior [1].

The concept of internal control has been strongly associated with financial management. It is board's task, as part of corporate governance, to ensure the integrity of the corporation’s accounting and financial reporting systems and that appropriate systems of control are in place [2].

Frameworks

Frameworks, also called models, have emerged to make it easy to examine and analyse internal control and to communicate about it. These frameworks describe the purpose and structure of internal control. They identify internal control objectives, which are derived from general business needs. Objectives typically address such things as (1) achievement of expectations as regards operational effectiveness and efficiency, (2) reporting, (3) and compliance with laws, regulations and standards. Control objectives are aspired after using elements that can be put in three categories: (1) behavior of management and other staff, (2) information needed for control, (3) and control arragements. Examples of the latter are reviews, reconciliations, computer assisted checks, and segration of duties.

Examples of internal control frameworks and models are

  • COBIT: Control Objectives for Information and related Technology (COBIT) by IT Governance Insitute (1996, 1998, 2000)
  • ECAR: ECAR model by Matti Mattila
  • CoCo: Guidance on Control by The Canadian Institute of Chartered Accountants (1995)
  • COSO IC: Internal control - integrated framework by Committee of Sponsorng Organizatons of the Tradway Commission (1992)

Creation of internal control system

Internal control is created in planning, organizing and directing of a process. Direction gives the objectives which to derive control objectives from. Builders of a process plan how the process should proceed. They identify usual cases of disturbance, and prepare the process for them with controls and other internal control elements. It is impossible to make a process protected against all risks, e.g. against collution by several workers or management override of controls. Thus there are inherently limitations to internal control [4].

Monotoring and assessing internal control

It is the top managent's resposibility to monitor coverage and effectiveness of internal control. An organization can hire internal auditors or buy internal audit services for audit of internal control. External auditors also assess internal control on the areas relevant to their assigment.

References

[1] Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7

[2] OECD Principles of Corporate Governance, page 62

[3] Committee of Sponsorng Organizatons of the Tradway Commission: Internal control - integrated framework; Excetuve summary by (1992), page 14

[4] Matti Mattila: Tehtävänä valvonta (1997); ISBN 978-952-92-3090-7, page 7