Important Components of control systems
Internal control consists of the following five interrelated components:
1. CONTROL ENVIRONMENT
Control environment is the attitude toward internal control and maintained by the management and the employees of an organisation.
The organisation structure and accountability relationships are key factors in the control environment.
Elements of the Control Environment
Ethical Values and Integrity
Management’s Operating Style and Philosophy
Communication is the exchange of useful information between and among people and organisations to support decisions and coordinate activities.
Communication also takes place with outside parties such as customers, suppliers and regulators.
Elements of Communication
Sufficient but not excessive detail
Appropriate to user
Clear and open horizontal and vertical
3. ASSESSING AND MANAGING RISK
Risks are events that threaten the accomplishment of objectives.
Risk assessment is the process of identifying, evaluating and determining how to manage these events.
At every level within an organisation there are both internal and external risks.
Ideally, management should seek to prevent these risks.
However, sometimes management cannot prevent the risk from occurring.
In such cases, management should decide whether to accept the risk, reduce the risk to acceptable levels, or avoid the risk.
Assessing Risk (Ask the questions…)
What can go wrong?
What is the worst thing that could happen?
What is the worst thing that has happened?
Are there new goals and legislation?
Are there staffing changes?
Impact – Is generally beyond the organisation’s control in the short-to-medium term.
Likelihood – Is the main focus of an organisation’s internal control
What are the possible risks in your area of operations and what is the likely impact of each?
4. CONTROL ACTIVITIES
Control activities are tools - both manual and automated - that help prevent or reduce the risks.
Management should establish control activities to effectively and efficiently accomplish the organisation's objectives and mission.
Examples of Control Activities
Approval and Authorisation
Separation of Duties
Computer Systems Controls
o Input Controls
o Output Controls
Monitoring is the review of an organisation's activities and transactions to assess the quality of performance over time and to determine whether controls are effective.
For monitoring to be most effective, all employees need to understand the organisation's mission, objectives, and responsibilities and risk tolerance levels.
Major Areas for Monitoring
Risks and Opportunities