Thursday, August 5, 2010

Five Components of Internal Control

• Control environment - The control environment provides the company with the discipline and structure required for all aspects of risk management and control. It includes integrity, ethical values, organizational culture, and competence of employees, management’s philosophy and operating style, assignment of authority.

• Risk assessment - The risk assessment process involves the identification, evaluation, and management of risks that are significant to the achievement of an organization’s objective. The forensic auditor should obtain an understanding of the significant fraud risks and identify the implications of any such risks for the organization.

• Information and communication - All organizations should have information systems that measure process results and compare them with objectives. They should also have communication practices to ensure that senior management promptly receives all such information, both positive and negative.

• Control activities - These are the policies and procedures established by management as a response to internal and external risks.

• Monitoring - Management’s monitoring procedures involve the assessment of actual performance and the comparison of actual and anticipated performance. The board must fully understand the business risk issues and key performance indicators that could affect the ability of the organization to achieve its purpose in the long term. Business risk and key performance indicators should be benchmarked against industry norms and best practice.

No comments:

Post a Comment