Are there standard definition of internal controls?
Internal controls (IC) definition is provided by COSO Integrated Framework. It is generally acknowledged that the COSO framework is a suitable framework for purposes of evaluating controls.
There are other acceptable control frameworks outside United States that are recognized.
IC is a process effected by an entity’s board of directors, management and other personnel.
It should provide reasonable assurance regarding the achievement of objectives in the following categories:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
• IC is a process. It is a means to an end, not an end in itself.
• IC is effected by people. It is not merely policy manuals and forms, but people at every level of an organization.
• IC can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
IC is geared to the achievement of objectives in one or more separate but overlapping categories. IC consists of five interrelated components.
These are derived from the way management runs a business and are integrated with the management process. Although the components apply to all entities, small and midsized companies may implement them differently than large ones (smaller companies’ controls may be less formal and structured). The components are:
Control Environment :Sets the tone of an organization, influencing the control consciousness of its people. This is the foundation for all other components of IC, providing discipline and structure.
Risk Assessment :– This component is the entity’s identification and analysis of relevant risks to theachievement of its objectives, forming a basis for determining how the risks should be managed.
Control Activities:– Includes the policies and procedures that help ensure management directives are carried out.
Information and Communication: This component consists of processes and systems that support the identification, capture and exchange of information in a form and time frame that enable people to carry out their responsibilities.
Monitoring: Consists of the processes that assess the quality of internal control performance over time.
Internal controls should be put by management in every business unit to minimize risks