Please enable JavaScript.
Coggle requires JavaScript to display documents.
The five components of internal control - Coggle Diagram
The five components of internal control
Control Environment
Key Elements:
Human Resource Policies & Procedures: Includes hiring practices, training, and performance evaluations.
Organizational Structure: Defines clear lines of authority, responsibility, and accountability.
Board of Directors & Audit Committee: Provides oversight and supports control efforts.
Management’s Philosophy & Operating Style: Reflects attitudes and actions toward risk and controls.
Commitment to Competence: Ensures the organization hires and retains skilled employees.
Integrity & Ethical Values: Promotes honesty, fairness, and adherence to ethical standards.
Definition: Foundation for all other components; sets the organization’s culture regarding control.
Risk Assessment
Definition: Process of identifying, analyzing, and managing risks to achieving objectives.
Steps:
Setting Objectives: Define what the organization wants to accomplish.
Identifying Risks: Look at both internal and external risks that could impact objectives.
Analyzing Risks: Assess each risk’s likelihood and impact on the organization.
Risk Response: Decide on actions to mitigate, transfer, accept, or avoid each identified risk.
Control Activities
Definition: Actions that help mitigate risks and ensure directives are executed.
Types of Control Activities:
Authorization & Approval: Ensure only authorized individuals make decisions.
Verification & Reconciliation: Cross-check data and reconcile accounts regularly.
Segregation of Duties: Divide tasks to prevent errors and fraud (e.g., separate roles for authorization, custody, and recording).
Physical Controls: Secure assets physically (e.g., safes, locks, restricted access).
Performance Reviews: Regularly review performance against targets to identify discrepancies.
Information & Communication
Definition: Process of collecting, processing, and sharing information necessary for control.
Key Areas:
Internal Communication: Ensure staff understands their roles, responsibilities, and the importance of controls.
External Communication: Share necessary information with stakeholders (e.g., customers, regulators).
Information Systems: Use technology to capture and report relevant data accurately and timely.
Monitoring
Definition: Ongoing evaluation of the internal control system to ensure it works effectively.
Types of Monitoring:
Ongoing Monitoring: Day-to-day supervision and reviews by management.
Separate Evaluations: Periodic audits or assessments, such as internal audits, to check controls.
Follow-up on Deficiencies: Address any identified control weaknesses promptly, including corrective actions.