Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Part six Risk assurance and reporting > 31 Evaluation of the control environmen... - Pg. 333

333 31 evaluation of the control environment nature of internal control The system of internal control within an organization is an important component in the successful management of its risks. Internal control is concerned with the meth- ods, processes and checks that are in place to ensure that a business or organization meets its objectives. There are alternative definitions of internal control and some of the key definitions are set out in Table 31.1. Internal controls can be considered to be the actions taken by management to plan, organize and direct the performance of sufficient actions to provide reasonable assurance that objectives will be achieved. The phrase `control environment' is preferred by internal auditors. ISO 31000 refers to the `risk management context'. COSO refers to the `internal environment'. In all cases, the intention is to refer to the level of maturity of the organization with regard to internal control activities. When referring to internal control activities, it is important to have a single definition within the organization. Table 31.1 sets out some of the best known definitions of internal control. Guide 73 defines control as a measure that is modifying risk. It also states that controls include any process, policy, device, practice or other action that modifies risk. Guide 73 also makes the important point that controls may not always exert the intended or assumed modifying effect. Internal control incorporates the organ- izational and hierarchical structure, as well as planning and objective setting. The scope of internal control extends to evaluation of controls designed to support the organization in achieving objectives and executing strategy, but it also applies to the control of actions to ensure that the organization does not miss business opportunities. When designing effective internal controls, the organization should look at the arrangements in place to achieve the following: maintenance of reliable systems; timely preparation of reliable information; safeguarding of assets; optimum use of resources; preventing and detecting fraud and error.