Thursday, May 7, 2015

Internal Control: Objectives & Components

Internal control is defined as follows:

"Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance."

Objectives of Internal Control

The Framework provides for three categories of objectives, which allow organizations to focus on differing aspects of internal control:
  1. Operations Objectives—These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss.
  2. Reporting Objectives—These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity’s policies.
  3. Compliance Objectives—These pertain to adherence to laws and regulations to which the entity is subject. 

Components of Internal Control 

Internal control consists of five integrated components. 


1. Control Environment

The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across software development companies. The board of directors and senior management establish the tone at the top regarding the importance of internal control, including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.

2. Risk Assessment

Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed.

A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. Management specifies objectives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyze risks to those objectives. Management also considers the suitability of the objectives for the entity. Risk assessment also requires management to consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective.

3. Control Activities

Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.

4. Information and Communication

Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.

5. Monitoring Activities

Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognized standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.

Relationship between Objectives and Components

A direct relationship exists between objectives, which are what an entity strives to achieve; components, which represent what is required to achieve the objectives; and the organizational structure of the entity (the operating units, legal entities, and other structures). In IT companies, this relationship can be depicted in the form of a cube.

  • The three categories of objectives—operations, reporting, and compliance—are represented by the columns.
  • The five components are represented by the rows.
  • An entity’s organizational structure is represented by the third dimension.

COSO states that:

“There is synergy and linkage among these components, forming an integrated system that reacts dynamically to changing conditions. The internal control system is intertwined with the entity’s operating activities and exists for fundamental business reasons. Internal control is most effective when controls are built into the entity’s infrastructure and are a part of the essence of the enterprise. “Built in” controls support quality and empowerment initiatives, avoid unnecessary costs and enable quick response to changing conditions.”
