Chapter 4

Internal Controls


We have referred to corporate governance and risk management; internal control forms the third leg of this stool. Good governance depends on a management that understands the risks it faces and is able to keep control of the business. Brink's Modern Internal Auditing suggests that internal control is the most important and fundamental concept that an internal auditor must understand.1

Note that all references to IIA definitions, code of ethics, IIA attribute and performance standards, practice advisories and practice guides relate to the International Professional Practices Framework (IPPF) prepared by the Institute of Internal Auditors in 2009. This chapter covers the following areas:

4.1 Why Controls?

4.2 Control Framework – COSO

4.3 Control Framework – CoCo

4.4 Other Control Models

4.5 Links to Risk Management

4.6 Control Mechanisms

4.7 Importance of Procedures

4.8 Integrating Controls

4.9 The Fallacy of Perfection

4.10 The Complete Control Model

4.11 New Developments

Summary and Conclusions

We will build a model of control that is used to capture most of the key features of a sound system of internal control. Much is dependent on the control environment and there is a view that, if an organization can get this right, the rest will tend to follow. The trend towards risk management as the way forward for ensuring objectives are achieved does not mean that controls, as a fundamental aspect of risk management, are any less

