Internal Controls

Control Environment: This is also sometimes referred to as the “tone at the top”. The control environment refers to the attitude of management regarding internal controls. It is important that management establishes a strong ethical environment and displays ethical behavior. Internal control is more successful when management abides by the system and makes it known that internal controls are important.

​

Risk Assessment: Risk assessment refers to the evaluation of risks within the company. Management must determine what the riskiest areas are so that they can design an effective system of internal controls. Internal controls should be applied more heavily to riskier areas.

​

Control Activities: Control activities refer to the controls set by management. These are the actual internal controls that are designed and implemented. They should be designed in consideration of the likely areas of fraud and the riskiest areas as determined by management.

​

Information and Communication: Information and communication refer to the process of informing lower-level employees about the controls and how to effectively use them. Internal controls are pointless if all employees cannot effectively abide by them. Proper training and literature regarding internal controls should be provided to employees.

​

Monitoring Activities: It is important that internal controls are continuously monitored by management for any weaknesses or ineffectiveness. Management should determine whether areas of risk have changed or whether the controls are being effectively used by all employees to ensure that fraud does not occur. Controls should be modified if they are not effective.