NOTICE: Special Offer!

Buy the Premium package NOW (incl. Online classroom + Revision course) and we will extend your subscription until 12th December 2020!

Syllabus F. Organisational Control And Audit F1. Management And Internal Control Systems

F1acde. Important Components of control systems

Important Components of control systems

Internal control consists of the following five interrelated components:


Control environment is the attitude toward internal control and maintained by the management and the employees of an organisation. 

The organisation structure and accountability relationships are key factors in the control environment.

Elements of the Control Environment

  • Ethical Values and Integrity

  • Management’s Operating Style and Philosophy

  • Competence

  • Morale

  • Supportive Attitude

  • Mission

  • Structure


Communication is the exchange of useful information between and among people and organisations to support decisions and coordinate activities. 

Communication also takes place with outside parties such as customers, suppliers and regulators.

Elements of Communication

  • Timeliness

  • Sufficient but not excessive detail

  • Appropriate to user

  • Clear and open horizontal and vertical


Risks are events that threaten the accomplishment of objectives. 

Risk assessment is the process of identifying, evaluating and determining how to manage these events. 

At every level within an organisation there are both internal and external risks.

Ideally, management should seek to prevent these risks. 
However, sometimes management cannot prevent the risk from occurring. 

In such cases, management should decide whether to accept the risk, reduce the risk to acceptable levels, or avoid the risk.

Assessing Risk (Ask the questions…)

  • What can go wrong?

  • What is the worst thing that could happen?

  • What is the worst thing that has happened?

  • Are there new goals and legislation?

  • Are there staffing changes?

Impact – Is generally beyond the organisation’s control in the short-to-medium term.

Likelihood – Is the main focus of an organisation’s internal control

What are the possible risks in your area of operations and what is the likely impact of each?


Control activities are tools - both manual and automated - that help prevent or reduce the risks.

Management should establish control activities to effectively and efficiently accomplish the organisation's objectives and mission.

Examples of Control Activities

  • Documentation

  • Approval and Authorisation

  • Verification

  • Supervision

  • Separation of Duties

  • Safeguarding Assets

  • Reporting

  • Computer Systems Controls
            o Backup
            o Input Controls
            o Output Controls


Monitoring is the review of an organisation's activities and transactions to assess the quality of performance over time and to determine whether controls are effective. 

For monitoring to be most effective, all employees need to understand the organisation's mission, objectives, and responsibilities and risk tolerance levels.

Major Areas for Monitoring

  • Control Activities

  • Mission

  • Control Environment

  • Communication

  • Risks and Opportunities

  • Results