About Contact Careers News
Office of Internal Audit
The Internal Control System

There are five components of an organization's internal control system.

  • CONTROL ENVIRONMENT: - This is the attitude of the organization's executive management and staff regarding internal controls. A sound control environment is the foundation for all other components of internal control, providing discipline and structure. The basic elements of the control environment include -
  1. Integrity and ethical values
  2. Leadership philosophy and operating cycle
  3. The commitment to competence
  4. The manner in which management assigns authority and responsibility, organization and development of its employees
  • RISK ASSESSMENT: - This involves management's identification of areas at most risk and implementation of controls to detect errors or fraud that potentially result in material misstatements. Examples include -
  1. Unrecorded revenue or expense transactions
  2. Ghost employees on payroll
  3. Payments to fictitious vendors
  4. Confirmation of inventory
  • CONTROL ACTIVITIES: - Control activities occur within the internal control system. Internal controls are developed and implemented to prevent or to mitigate any risks identified. These are actually the specific policies, procedures and processes that are designed to meet the business objectives. There are a range of controls, which include -
  1. Segregation of duties
  2. Reconciliation
  3. Physical security of assets
  4. Electronic data security
  • INFORMATION AND COMMUNICATION: - This area focuses on the systems and reports that help ensure that management directives to employees are carried out effectively.
  • MONITORING: - This involves assessing the quality and effectiveness of the organization's internal control over time. Monitoring can be an internal or external activity by management, employees or outside parties. Monitoring can involve the following -
  1. Assessing the design and operation of controls
  2. Assessing the compliance with policies and procedures
  3. Providing for implementation of corrective action plans
The Institute of Internal Auditors
Association of College University Auditors
Association of Certified Fraud Examiners
Cybersecurity & Infrastructure Security Agency