SOURCE: California State University - University Auditor Show
You may have heard the term "internal control(s)," but what exactly is it? Evaluating internal controls is one of internal auditing's primary responsibilities. The Institute of Internal Auditors (IIA) defines control and control processes as follows: A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Control processes are the policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process. Risk management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives. A broadly accepted definition of internal control comes from the Committee of Sponsoring Organizations (COSO)1 of the Treadway Commission's report entitled The Control-Integrated Framework (COSO Report) as follows: Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objective in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. Key points about internal control include:
In the California State University (CSU) environment, internal controls serve the following purposes:
Generally, controls are of two types:
The COSO Report further defines five interrelated components of internal control:
Who is responsible for internal controls?The auditors, right? Wrong! Everyone plays a part in the CSU's internal control system. Ultimately, it is CSU management's responsibility to ensure that controls are in place. That responsibility is delegated to each area of operation, which must ensure that internal controls are established, properly documented, and maintained. Every employee has some responsibility for making this internal control system function. Therefore, all CSU employees need to be aware of the concept and purpose of internal controls. Internal audit's role is to assist management in their oversight and operating responsibilities through independent audits and consultations designed to evaluate and promote the systems of internal control. What is internal auditing?The IIA defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The internal audit activity evaluates the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems. Internal audit reviews include the reliability and integrity of financial and operational information, effectiveness and efficiency of operations, safeguarding of assets, and compliance with laws, regulations, and contracts. These reviews also ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization, as well as the extent to which results are consistent with established goals and objectives and whether operations and programs are being implemented or performed as intended. 1. COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. Who is responsible for monitoring internal controls?Management is responsible for establishing internal controls. In order to maintain effective internal controls, management should: Maintain adequate policies and procedures; Communicate these policies and procedures; and.
What is monitoring of controls in internal control?Internal control monitoring involves organizations (and third parties) performing ongoing evaluations to determine whether internal controls are operating as intended. Monitoring activities also communicate any deficiencies to the relevant authorities promptly to enforce timely corrective action.
Who is responsible for establishing and maintaining a system to monitor the disposition of the internal audit results communicated to management?Whenever these issues are significant to the organization, they should be communicated to senior management and the board. The chief audit executive should establish and maintain a system to monitor the disposition of results communicated to management. 2500.
What is the primary role of internal controls?The primary purpose of internal controls is to help safeguard an organization and further its objectives. Internal controls function to minimize risks and protect assets, ensure accuracy of records, promote operational efficiency, and encourage adherence to policies, rules, regulations, and laws.
|