THE COSO MODEL
In the United States many organizations have adopted the internal control concepts presented in the report of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Published in 1992, the COSO report defines internal control as: a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
* effectiveness and efficiency of operations,
* reliability of financial reporting, and
* compliance with applicable laws and regulations.
COSO describes internal control as consisting of five essential components. These components, which are subdivided into seventeen factors, include:
1. The control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
The COSO model is depicted as a pyramid, with the control environment forming a base for control activities, risk assessment, and monitoring. Information and communication link the different levels of the pyramid. As the base of the pyramid, the control environment is arguably the most important component because it sets the tone for the organization. Factors of the control environment include employees' integrity, the organization's commitment to competence, management's philosophy and operating style, and the attention and direction of the board of directors and its audit committee.
Bibliography:
Bishop, W. G., III. (1991). "Internal Control—What's That?" Internal Auditor June: 117-123.
Canadian Institute of Chartered Accountants. (1995). Guidance on Control. Toronto, Ontario, Canada: Author.
Colbert, J. L., and Bowen, P. L. (1996). "A Comparison of Internal Controls: CobiT, SAC, COSO and SAS 55/78." IS Audit and Control Journal 4: 26-35.
Committee of Sponsoring Organizations of the Treadway Committee (COSO). (1992). Internal Control—Integrated Framework, Executive Summary. www.coso.org.
Galloway, D. J. (1994). "Control Models in Perspective." Internal Auditor December: 46-52.
Information Systems Audit and Control Foundation. (1995). CobiT: Control Objectives and Information Related Technology. Rolling Meadows, IL: Author.
Institute of Internal Auditors Research Foundation. (1994). Systems Auditability and Control. Altamonte Springs, FL: Author.
Price Waterhouse. (1993). Improving Audit Committee Performance: What Works Best. Altamonte Springs, FL: Institute of Internal Auditors Research Foundation.
Roth, J. (1997). Control Model Implementation: Best Practices. Altamonte Springs, FL: Institute of Internal Auditors Research Foundation.
Simmons, M. R. (1997). "COSO Based Auditing." Internal Auditor December: 68-73.