Top Navigation

Side Navigation

What are Internal Controls?

Internal control as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a process, affected by an entity's board of directors (trustees), management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations

They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel.   Typically, management is responsible for developing an appropriate system of internal controls, but every employee is responsible for following and applying those practices.

Examples of Internal Controls

Segregation of Duties

When work duties are divided or segregated among different people to reduce the risk of error or inappropriate actions.

Physical Controls

When equipment, inventories, securities, cash and other assets are secured physically, periodically counted, and compared with amounts shown on control records. Access is restricted to those with authority to handle them.


Comparisons are made between similar records maintained by different people to verify transaction details are accurate and that all transactions are properly recorded.

Policies and Procedures

Established policies, procedures, and documentation that provide guidance and training to ensure consistent performance at a required level of quality.

Transaction and Activity Reviews

Management reviews of transaction, operating, and summary reports help to monitor performance against goals and objectives, spot problems, identify trends, etc.

Information Processing Controls

When data is processed, a variety of internal controls are performed to check the accuracy, completeness and authorization of transactions. Data entered is subject to edit checks or matching to approved control files. Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.