Western Illinois University: Macomb Campus
Web Tools and Search Bar
What are Internal Controls?
Internal control as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a process, affected by an entity's board of directors (trustees), management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel. Typically, management is responsible for developing an appropriate system of internal controls, but every employee is responsible for following and applying those practices.
Examples of Internal Controls
Segregation of Duties
When work duties are divided or segregated among different people to reduce the risk of error or inappropriate actions.
When equipment, inventories, securities, cash and other assets are secured physically, periodically counted, and compared with amounts shown on control records. Access is restricted to those with authority to handle them.
Comparisons are made between similar records maintained by different people to verify transaction details are accurate and that all transactions are properly recorded.
Policies and Procedures
Established policies, procedures, and documentation that provide guidance and training to ensure consistent performance at a required level of quality.
Transaction and Activity Reviews
Management reviews of transaction, operating, and summary reports help to monitor performance against goals and objectives, spot problems, identify trends, etc.
Information Processing Controls
When data is processed, a variety of internal controls are performed to check the accuracy, completeness and authorization of transactions. Data entered is subject to edit checks or matching to approved control files. Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.