Components of Internal Controls
- The control environment sets the tone for the organization. Factors such as integrity, ethical values, competency, management philosophy, and operating style form the foundation for other components of internal control, and for providing discipline and structure.
- Risk assessment represents the identification of circumstances which may impede the organization’s ability to achieve its business objectives, and the procedures in place that mitigate the identified risks.
- Control activities are undertaken by the organization to ensure compliance with sound business practices, including the development of policies and procedures, the review and approval of transactions, the segregation of duties, and account reconciliation. Control activities should be documented including follow-up activities.
- Information and communication comprise the transmittal of quality data to the right people at the appropriate time to ensure employees have adequate information to effectively discharge their responsibilities. Effective communication must also occur in a broader sense throughout the organization.
- Monitoring activities assure that processes are working as intended and actions are taken to address problems with the quality of performance. This includes regular monitoring, management and supervisory activities.