Components of an Internal Control Structure
Committee of Sponsoring Organizations (COSO) identifies five interrelated internal control structure components as follows:
1. Control Environment
The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.
Numerous factors comprise the control environment in an entity, among which are the following:
· Integrity and ethical values
· Commitment to competence
· Board of directors and audit committee
· Management philosophy and operating style
· Organizational structure
· Assignment of authority and responsibility
· Human resource policies and practices
2. Risk Assessment
Risk assessment for financial reporting purposes in an entity’s identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with generally accepted accounting principles.
Management’s risk assessment should include special consideration of the risks that can arise from changed circumstances, such as new areas of business or transactions, changes in accounting-standards, new laws or regulations, the rapid growth of the entity, and changes in personnel involved in the information processing and reporting functions.
3. Information and Communication
The information system relevant to financial reporting, objectives, which includes the accounting system, consists of the methods and records established to identify, assemble, analyze, classify, record, and report entity transactions and to maintain accountability for the related assets and liabilities.
Communication involves providing a clear understanding of individual roles and responsibilities about the internal control structure over financial reporting.
4. Control Activities
Control activities are those policies and procedures that help ensure that management directives are carried out.
They help ensure that necessary actions are taken to address risks to the achievement of the entity’s objectives. Control activities have various objectives and are applied at various organizational and functional levels.
Control activities relevant to a financial statement audit may be categorized in many different ways. One way is as follows:
· Information processing controls
· General controls
· Application controls
· Proper authorization
· Documents and records
· Independent checks
· Segregation of duties
· Physical controls
· Performance reviews
5. Monitoring
Monitoring is the process that assesses the quality of the internal control structure’s performance over time.
It involves assessment by appropriate personnel of the design and operation of controls on a suitably timely basis to determine that the ICS is operating as intended and that it is modified as appropriate for changes in conditions.