Internal control
Internal control refers to the systematic regulation of information flow and authority within an organization, aiming to achieve its objectives efficiently. Predominantly used in auditing and accounting, internal control encompasses critical functions such as gathering employee feedback on strategic goals and ensuring the optimal use of organizational resources, including personnel and materials. Effective internal control not only enhances operational efficiency but also acts as a safeguard against fraud and mismanagement of resources. A well-structured internal control system discourages theft and inaccurate performance reporting by ensuring that all activities are closely monitored and any discrepancies are quickly identified.
The framework for internal control, established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), includes five key elements: the control environment, risk assessment, control activities, information and communication, and monitoring. Each element plays a specific role in reinforcing the internal control process. For instance, the control environment sets the organizational tone and emphasizes values such as honesty and integrity, while risk assessment identifies potential obstacles to achieving goals. Control activities address these risks, and the information and communication element facilitates effective sharing of relevant data. Finally, the monitoring component evaluates the effectiveness of the internal controls and solicits feedback to foster continuous improvement. Overall, internal control is vital for organizations to operate effectively and responsibly in diverse environments.
On this Page
Subject Terms
Internal control
Internal control is the regulation of the flow of information and authority. If it is successful, the objectives of the organizations are realized. The term is particularly prevalent in the fields of auditing and accounting and encompasses a number of functions in an organization, including getting feedback from employees on how strategic objectives are being achieved and ensuring that organizational resources such as people and materials are working in the most effective manner possible. When these functions are achieved, the organization will have successfully maximized its efficiency.
Overview
Internal control, also known as operational control, has been a key part of businesses and governments for centuries. Both governmental and nongovernmental organizations see the value in monitoring their internal processes so that they can have the data they need to do the best job possible and make any corrections that might be pertinent.
In addition to streamlining efficacy of operations, internal control also protects the money and valuable material resources of the organization by minimizing fraud. If tracking of resources is informal and unorganized, people within and outside the organization will see an opportunity to abscond with company cash or valuables. However, if the tracking is very tight and well organized, both employees and outsiders will know that they would not be able to get away with theft of company assets because the loss of those assets would quickly be noticed. Similarly, organized tracking of resources precludes any temptation for employees to alter records in order to make their job performance look better. In an organization with excellent internal control, employees know that any such alteration would be caught and penalized.
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an integrated framework for qualitatively assessing internal control mechanisms. The framework divides internal control into five distinct elements: control environment, risk assessment, control activities, information and communication, and monitoring. Each element has a particular role to play in the process.
Control environment is the organizational structure and sensibility that defines how the people in the organization understand their individual roles. It includes the values that an organization embodies and seeks to cultivate in its members. If values such as honesty and integrity are effectively communicated to all members of the organization, this will increase people's confidence in the controls. Organization members who fully understand and appreciate their roles will be much more able to implement all of the other elements and communicate about their implementation to other organization members.
Control environment is complemented by risk assessment, which analyzes the various risks that may prevent the achievement of organizational objectives. Following risk assessment, an organization will implement control activities, which are the steps taken to address those risks.
Information and communication builds on this foundation by determining and clarifying how people can best communicate with one another and share information. This ensures that data gets to the people it needs to when it needs to. Aspects of information and communication include methods of communications, chains of command, and timetables for communicating.
Finally, monitoring oversees the results of the process, providing a way to gauge how successful each element of internal control has been. With the information gathered from monitoring, internal controls can be continually refined and rendered more efficacious. Typically, feedback is sought from all participants so that they can contribute to improvements and gain a sense of investment in the process.
Bibliography
Bedard, Jean C., and Lynford Graham. “Detection and Severity Classifications of Sarbanes-Oxley Section 404 Internal Control Deficiencies.” Accounting Review 86.3 (2011): 825–55. Print.
"The Control Environment of a Company." ACCA. Assn. of Chartered Certified Accountants, 24 Apr. 2015. Web. 27 July 2015.
Costello, Anna M., and Regina Wittenberg-Moerman. “The Impact of Financial Reporting Quality on Debt Contracting: Evidence from Internal Control Weakness Reports.” Journal of Accounting Research 49.1 (2011): 97–136. Print.
Gordon, Lawrence A., and Amanda L. Wilford. “An Analysis of Multiple Consecutive Years of Material Weaknesses in Internal Control.” Accounting Review 87.6 (2012): 2027–60. Print.
Kim, Jeong-Bon, Byron Y. Song, and Liandong Zhang. “Internal Control Weakness and Bank Loan Contracting: Evidence from SOX Section 404 Disclosures.” Accounting Review 86.4 (2011): 1157–88. Print.
Kinney, William R., Jr., and Marcy L. Shepardson. “Do Control Effectiveness Disclosures Require SOX 404(b) Internal Control Audits? A Natural Experiment with Small US Public Companies.” Journal of Accounting Research 49.2 (2011): 413–48. Print.
Petrovits, Christine, Catherine Shakespeare, and Aimee Shih. “The Causes and Consequences of Internal Control Problems in Nonprofit Organizations.” Accounting Review 86.1 (2011): 325–57. Print.
Rice, Sarah C., and David P. Weber. “How Effective Is Internal Control Reporting under SOX 404? Determinants of the (Non-)Disclosure of Existing Material Weaknesses.” Journal of Accounting Research 50.3 (2012): 811–43. Print.
Schwartz, Malcolm. “Do Not Audit Internal Control over Financial Reporting—Audit Internal Control!” EDPACS 48.4 (2013): 1–11. Print.