Internal controls are a relevant part of any business. In order for an organization to meet its obligations and be a success, it is imperative that it implements controls in an attempt to safeguard its assets, its employees and its continued existence. This paper explains the reasons why internal controls need to be implemented, presents a framework which describes their components, and identifies entities which ensure that procedures are followed and maintained.
Controlling What Happens
Robins defend territories as pairs during the breeding season and as individuals during the winter. When dogs find bones, they bury them in a safe place and constantly make sure they are safe at all times. What these animals have in common is their desire to protect their assets and possessions. One of the most important acts a manager can do is to safeguard assets. The main purpose of internal controls is to help the organization to achieve its objectives and to make sure that the business operates as efficiently and as professionally as possible.
In order to understand internal controls, it is imperative that one knows what they are: the definition of internal controls, their categories, their components, and the entities that ensure that internal control procedures are followed and maintained.
According to “SEC Proposes Rules on Internal Controls, Ethics Codes and Financial Experts on Audit Committees,” the American Institute of Certified Public Accountants defines internal controls as “controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with generally accepted accounting principles as addressed by the Codification of Auditing Standards Section 319 or any superseding definition or other literature that is issued or adopted by the Public Company Accounting Oversight Board” (Haynes and Boone, LLP, 2002). They play a vital role and cannot be omitted from a business. This is because they ensure that employees as well as employers are providing reasonable assertions. In other words, they check the employees' and employers' actions and thoughts in a way which is meant to promote and better the business by preventing them from doing things their own way, or from robbing the business. They are established by management, which must make sure they are effective.
According to R. L. Hurt, the significance of controls cannot be stressed enough: “In the importance of internal controls managers, stockholders, employees, and other organizational stakeholders want a company to operate as effectively and efficiently as possible, to have financial statements that are reliable, and to make sure their assets are safe” (Hurt, 2008, p.53). Internal controls are basically a plan of organization within a business which co-ordinates with all the methods used in the business to safeguard its assets. The plan further promotes productivity and helps management hold to the rules and policies of the organization.
Internal controls can be classified into two categories: preventive and detective. The main purpose of preventive controls is to detect errors within or dampen the chances of fraud. According to “Internal Control Concept and Framework,” preventive control activities “aim to deter the instance of errors or fraud” (University Of Washington, 2009). This is the most effective control because it checks against fraud, scams and errors before they occur. It is important to note that before it can become effective, it will be necessary to have a strong risk detection system within the organization. Detective controls identify errors or fraudulent activities after they take place. In other words, “Detective control activities identify undesirable "occurrences" after the fact” (University Of Washington, 2009). This method can cause problems if the after effect was significant, as with Enron and WorldCom. On such occasions, the most common detective control is reconciliation.
In an attempt to help businesses and organizations improve their internal control systems, the Committee of Sponsoring Organizations of the Treadway Commission, otherwise known as COSO, was formed. COSO is a voluntary private-sector organization that was established in 1985. It consists of a select committee which includes the American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, Institute of Management Accountants and The Institute of Internal Auditors (The Committee of Sponsoring Organizations of the Treadway Commission).
The main purpose of COSO is to identify actions or activities which influence fraudulent practices in businesses and to identify ways of minimizing their occurrence. According to the American Accounting Association, “COSO's Mission is to provide thought leadership on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations” (American Accounting Association, 2008, p. 3). In 1992, COSO established an internal control framework which consists of five components that are meant to be integrated within the management process to ensure success. These components are control environment, risk assessment, control activities, information and communication, and finally monitoring.
Control environment deals with the controllers and leaders of the business or company. In other words, this component is concerned mainly with management. The whole purpose is to make managers aware that internal controls begin in top management and thus cannot be effective without management playing an integral role in them. In their article “Assessing the Control Environment,” Lightle, Castellano and Cutting state that “Of the five, the control environment may be the most critical, as well as the most difficult to manage and evaluate effectively” (Lightle, Castellano, Cutting, 2007, p. 52). They further state that “An effective control environment supports and strengthens the other control elements whereas a weak control environment undermines the other elements, rendering them useless” (p. 51). This component emphasizes that if controls are not taken seriously by management, employees will not take them seriously either. This is the reason why control environment is the backbone of the rest of the controls; without it, instilling ethical values and integrity in employees will be difficult.
Risk assessment deals with the processes used to identify organizational risks and threats within an organization and to find cost-effective controls to deal with them. According to AICPA, risk assessment is “the identification and analysis of relevant risks to achieve the objectives that form the basis to determine how risks should be managed” (American Institute of Certified Public Accountants, 2005). For risk assessment to be successful to its highest capacity, both internal and external aspects of the business must be considered. According to Sarbanes-Oxley, an “effective risk assessment requires; definition of the objectives, determination of the compatibility of the objectives, identification of risks to achieving the objectives, determination of risks associated with change, judgment as to which risks are critical and determination of actions to mitigate risks starting with the critical ones” (Walz, 2008).
The third component of the COSO internal control framework is control activities. This component deals with the actions or actual controls executed in response to the information acquired from an effective risk assessment. They are the actual policies and procedures, such as authorizations and approvals, which aid management in making sure that organizational objectives are achievable.
Information and communication is another important part of business which cannot be overlooked. This is because the process, and what information is passed on, can cause a lot of problems within the organization. It is imperative that the information flow in the organization is as accurate as possible, in a way that ensures the right message is sent to the right person with the right encoding and the receiver has no problem in deciphering it. Effective information and communication helps in minimizing control risks and is directed mainly at employees, who are to be responsible and careful in how they deal with sending and receiving information. In summary, the information and communication component aims at improving or maintaining quality and efficiency in communication within the organization. Unfortunately, some businesses are too big to accommodate any significant control process. According to “Effective Internal Control Systems Are Key to Ensuring Compliance”, “Information and communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities” (Gundling, 2003).
Monitoring is the final component of the COSO framework. It deals mainly with the evaluation and assessment of the organization's system of controls. It basically looks at the operations of an organization over a period of time to evaluate whether its objectives are being accomplished. So in effect, it is imperative that management assesses its internal control system to make sure that it complies with the organization's standard of controlling risks. According to “COSO Document Covers Internal Control Monitoring,” effective monitoring occurs by “establishing a foundation for monitoring, designing and executing monitoring procedures that are prioritized based on risk and reporting the results of monitoring to the appropriate level” (McCollum, 2008). A good way to ensure monitoring is used in its most effective way is to ensure that there are people who are qualified or have gone through training in that field and can ensure that the process is carried out the right way. This is because if management does not fully comprehend its importance, the whole process could fall apart. One important aspect of monitoring is that the process should be taken seriously and that risks discovered during that period should be directed to the relevant staff for corrective measures.
Because of the extreme impact of the scandals that Enron and WorldCom brought into the business field, entities have been put in place to prevent these fraudulent activities from occurring. One of these is the Sarbanes-Oxley Act of 2002. According to “Making compliance effective,” the act “was passed by Congress and signed into law by President Bush in large part because of the spectacular failures of Enron, WorldCom and other public companies” (Engle, 2009).
The importance of internal controls can be difficult to comprehend. However, the consequences of not adhering to them are tougher to deal with. This can be seen in the utter chaos Enron and WorldCom have caused. Without controls, goals and assets will be lost and operations will be terminated prematurely. Without internal controls, soon there will be no business.
Haynes and Boone, LLP. (2002). SEC Proposes Rules on Internal Controls, Ethics Codes and Financial Experts on Audit Committees. World Services Group. Retrieved from http://www.hg.org/articles/article_201.html
Hurt, R. L. (2008). Accounting Information Systems: Basic Concepts & Current Issues. New York: McGraw-Hill.
University Of Washington. (2009, July 16). Internal Control Concept and Framework. Retrieved from http://www.washington.edu/admin/finacct/office/internalcontrol/frame.html
The Committee of Sponsoring Organizations of the Treadway Commission. (n.d.). About Us. Retrieved from http://www.coso.org/aboutus.htm
American Accounting Association. (2008, April 1). Mission and operating policies. Committee of Sponsoring Organizations. Retrieved 09/07/2009, from http://aaahq.org/newsarc/COSOChairPosition.pdf
Lightle, S., Castellano, J., & Cutting, B. (2007, December). Assessing the control environment. Internal Auditor, 64(6), 51-56. Retrieved 09/07/2009, from Business Source Complete database. http://search.ebscohost.com.ezproxy.liberty.edu:2048/login.aspx?direct=true&db=bth&AN=28323854&site=ehost-live&scope=site
American Institute of Certified Public Accountants (2005). Internal control: a tool for the audit committee. Retrieved 09/07/2009, from American Institute of Certified Public Accountants Web site: http://www.aicpa.org/audcommctr/toolkitsnpo/Internal_Control.htm
Walz, John (2008, April 11). Retrieved 09/07/2009, from Table Comparing COSO and ISO 9001 Web site: http://www4.asq.org/blogs/sarbanes-oxley/2008/04/table_comparing_coso_and_iso_9.html
Gundling, Richard L. (2003, October). Effective internal control systems are key to ensuring compliance. Journal of Health Care Compliance, 2, Retrieved 09/07/2009, from http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=11291132&site=bsi-live
McCollum, T. (2008, August). COSO Document Covers Internal Control Monitoring. Internal Auditor, 65(4), 13-14, 2.
Engle, Paul. (2009). Making compliance effective. Industrial Engineer: IE, 41(8), Retrieved from http://search.ebscohost.com.ezproxy.liberty.edu:2048/login.aspx?direct=true&db=a9h&AN=43346883&site=ehost-live&scope=site