Internal control is a process, effected by the entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the categories of (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations.
1. The Control Environment – sets the tone organization by influencing the control consciousness of people. Control environment factors include integrity and ethical values; commitment to competence; board of directors or audit committee; management’s philosophy and operating style; organizational structure; assignment of authority and responsibility; and human resource policies and practices.
2. Risk Assessment – is management’s process for identifying, analyzing, and responding to risks. Risks in a company can arise from internal risk factors, such as changes in personnel, new information systems, new products, etc. and external risk factors, such as economic conditions, competition, etc.
3. Control Activities – are policies and procedures that help ensure that management directives are carried out. Typical controls performance reviews (reviews of actual current performance versus budgets, forecasts, and prior period performance). It involve the use of both operating and financial data.
4. Information and Communication – To be effective, the information and communications system must accomplish the goals for transactions such as identify and record all valid transactions, describe the transactions on a timely basis, measure the value of the transactions properly, record transactions in the proper time period, properly present and disclose transactions and communicate responsibilities to employees.
5. Monitoring – Monitoring of controls is a process used to asses the quality of internal control performance over time. Monitoring may be achieved by performing ongoing activities or by separate evaluations.
The control environment – is considered the foundation of internal controls established by an organization.
Application controls consists of three types of controls: input controls, processing controls, and output controls.