TIP: Internal control consists of all the related methods and measures adopted within an organization to safeguard its assets, enhance the reliability of its accounting records, increase efficiency of operations, and ensure compliance with laws and regulations. Internal control systems have five primary components as listed below:
- A control environment. It is the responsibility of top management to make it clear that the organization values integrity and that unethical activity will not be tolerated. This component is often referred to as the “tone at the top”
- Risk assessment. Companies must identify and analyze the various factors that create risk for the business and must determine how to manage these risks.
- Control activities. To reduce the occurrence of fraud, management must design policies and procedures to address the specific risks faced by the company.
- Information and communication. The internal control system must capture and communicate all pertinent information both down and up the organization, as well as communicate information to appropriate external parties.
- Monitoring. Internal control systems must be monitored periodically for their adequacy. Significant deficiencies need to be reported to top management and/or the board of directors.