What are Internal Controls?

In plain English, internal controls are like good old common sense practices. In your personal life, you exercise good internal control principles when you:

  • make travel plans
  • store and lockup valuable personal belongings
  • keep copies of your tax returns
  • match credit card receipts to monthly statements
  • save for a rainy day or retirement
  • balance your checkbook

More formally, internal control is broadly defined as a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations

Internal controls are tools that help managers be effective and efficient while avoiding serious problems such as overspending, operational failures, and violations of law. Internal controls are the structure, policies, and procedures put in place to provide reasonable assurance that management meets its objectives and fulfills its responsibilities. Management meets its responsibilities for internal controls when:

  • Programs and functions achieve their intended results (effective)
  • Resource use is consistent with the agency mission (efficient)
  • Laws and regulations are followed (compliance)
  • Accurate and timely information is prepared (reliable reporting)

Effective internal control begins with written goals and objectives including:

  • Operational objectives
  • Financial reporting objectives
  • Compliance objectives

The principles of effective internal control should ensure that:

  • Internal controls benefit rather than encumber management.
  • Internal controls make sense within each organization’s unique operating environment.
  • Internal controls are not stand-alone practices. They are woven into day-to-day responsibilities of managers.
  • Internal structures and controls are cost effective.

After assessing risk, management should develop and implement internal controls to help provide reasonable assurance that policies are in place, which:

  • Provide accountability
  • Encourage sound management practices
  • Encourage proper resource management
  • Facilitate preparation for auditors

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) model is recognized throughout the world as a significant standard for discussing internal control. In addition to identifying three categories of control objectives, the COSO report addresses five interrelated components of internal control, including: establishing an appropriate control environment, assessing risk, implementing control activities, communicating information, and monitoring. Everyone in the work place has a role in making sure that internal controls are working. It is up to mangers to set them up and check that they are working, but unless every employee is aware of his/her responsibilities in the process, the internal control system will not be completely functional.