Page 428 - Encyclopedia of Business and Finance
P. 428
eobf_I 7/5/06 3:04 PM Page 405
Internal Control Systems
The policies, procedures, practices, and organiza- believes is effective. The statement may also provide spe-
tional structures are designed to provide reason- cific details about the organization’s internal control sys-
able assurance that business objectives will be tem.
achieved and that undesired events will be pre- Internal control must be evaluated in order to provide
vented or detected and corrected.
management with some assurance regarding its effective-
While the specific definition of internal control dif- ness. Internal control evaluation involves everything man-
fers across the various models, a number of concepts are agement does to control the organization in the effort to
very similar across these models. In particular, the models achieve its objectives. Internal control would be judged as
emphasize that internal control is not only policies and effective if its components are present and function effec-
procedures to help an organization accomplish its objec- tively for operations, financial reporting, and compliance.
tives but also a process or system affected by people. In The board of directors and its audit committee have
these models, people are perceived to be central to ade- responsibility for making sure the internal control system
quate internal control. within the organization is adequate. This responsibility
includes determining the extent to which internal controls
These models also stress the concept of reasonable
assurance as it relates to internal control. Internal control are evaluated. Two parties involved in the evaluation of
systems cannot guarantee that an organization will meet internal control are the organization’s internal auditors
and their external auditors.
its objectives. Instead, internal control can only be
expected to provide reasonable assurance that a company’s Internal auditors’ responsibilities typically include
objectives will be met. The effectiveness of internal con- ensuring the adequacy of the system of internal control,
trols depends on the competency and dependability of the the reliability of data, and the efficient use of the organi-
organization’s people. Limitations of internal control zation’s resources. Internal auditors identify control prob-
include faulty human judgment, misunderstanding of lems and develop solutions for improving and
instructions, errors, management override of controls, and strengthening internal controls. Internal auditors are con-
collusion. Further, because of cost-benefit considerations, cerned with the entire range of an organization’s internal
not all possible controls will be implemented. Because of controls, including operational, financial, and compliance
these inherent limitations, internal controls cannot guar- controls.
antee that an organization will meet its objectives. Internal control will also be evaluated by the external
auditors. External auditors assess the effectiveness of inter-
nal control within an organization to plan the financial
PARTIES RESPONSIBLE FOR AND
statement audit. In contrast to internal auditors, external
AFFECTED BY INTERNAL
auditors focus primarily on controls that affect financial
CONTROL
reporting. External auditors have a responsibility to report
While all of an organization’s people are an integral part of internal control weaknesses (as well as reportable condi-
internal control, certain parties merit special mention. tions about internal control) to the audit committee of the
These include management, the board of directors board of directors.
(including the audit committee), internal auditors, and
external auditors. SEE ALSO Accounting; Auditing
The primary responsibility for the development and
maintenance of internal control rests with an organiza- BIBLIOGRAPHY
tion’s management. With increased significance placed on Bishop, W. G., III (1991, June). “Internal Control—What’s
the control environment, the focus of internal control has That?” Internal Auditor, 117-123.
changed from policies and procedures to an overriding Canadian Institute of Chartered Accountants (1995). Guidance
philosophy and operating style within the organization. on Control. Toronto, Ontario, Canada.
Emphasis on these intangible aspects highlights the Colbert, J. L., and Bowen, P. L. (1996). “A Comparison of Inter-
importance of top management’s involvement in the nal Controls: COBIT, SAC, COSO and SAS 55/78.” IS Audit
and Control Journal, 4, 26-35.
internal control system. If internal control is not a prior-
Committee of Sponsoring Organizations of the Treadway Com-
ity for management, then it will not be one for people
mittee (COSO) (1992). Internal Control—Integrated Frame-
within the organization either.
work, Executive Summary. www.coso.org.
As an indication of management’s responsibility, top Galloway, D. J. (1994, December). “Control Models in Perspec-
management at a publicly owned organization will tive.” Internal Auditor, 46-52.
include in the organization’s annual financial report to the Improving Audit Committee Performance: What Works Best (1993).
shareholders a statement indicating that management has Altamonte Springs, FL: Institute of Internal Auditors,
established a system of internal control that management Research Foundation.
ENCYCLOPEDIA OF BUSINESS AND FINANCE, SECOND EDITION 405
