This is a TEST. Image should match group

This is a TEST. Image should match group

Internal Controls

Internal control is a process designed to provide reasonable assurance regarding the achievement of the following objectives:

  • Effective and efficiency of operations
  • Reliability and integrity of financial and informational reporting
  • Compliance with applicable laws and regulations
  • Safeguarding of assets

Component of internal control are linked together forming a system which should react dynamically to changing conditions. Internal controls comprise the policies, plans, procedures and practices used to manage the organization and meet the organizations goals and objectives.


Control Environment: Is the foundation for all other components of internal control and provides the discipline and structure to the organization e.g., policies, procedures, guidelines, organization charts. Management is responsible for setting the overall control tone.  Employees must be competent and committed to following the policies and procedures and ethical standards and recognize that they will be held accountable.


Risk Assessment: Identifying the things that could go wrong and would have a significant impact. Identify and prioritize areas of potential risk, both internal and external, assess existing control activities and revise controls as needed.


Control Activities: A process or system of policies, procedures and practices that manage or reduce risk. Internals controls can be classified as preventative (pro-active, reduce the chance of occurrence) or dectective (identify a control breakdown or weakness after it has occurred).

Preventative controls:

  • written policies and procedures
  • segregation of duties
  • physical and technical safeguarding of assets
  • authorization and  approval
  • system and login passwords
  • signature authority

Dectective controls:

  • reconciliations
  • management or supervisory reviews,
  • audits
  • financial and budgetary review and analysis
  • monitoring of transactions

Due to inherent limitation (human error, staff size limitations) preventative control measures cannot ensure 100%, they are the first line of defense in minimizing risk. Internal Controls should be proactive, value-added, cost effective and address exposure to risk.

Management is responsible for developing an effective system of internal controls, which provides reasonable assurance; a balance between risk and business controls implemented.

All employees are responsible for following and applying those business practices.


Monitoring: Is it working? A process that assess the quality and effectiveness of the control system’s performance over time. Ongoing monitoring activities include various management and supervisory activities that evaluate and improve the design, execution and effectiveness of internal control. The use of spot checks of transactions or sampling can provide a reasonable level of assurance that the control is functioning as intended. Monitoring needs to be performed on a regular basis and in a timely manner. If you find a problem do a corrective action and continue monitoring.


Information: What you want others to know or be aware of e.g., written policies, procedures, guidelines, financial or operational reports, contracts, agreements, etc.


Communication: system to impart information throughout the organization and with Board of Trustees, NSF, other sponsors and the general public. Clear, concise, timely and provided when appropriate. Communication must flow up, down, across the organization as well as to outside members and sponsors.

Last updated by mcamp on September 2, 2015 - 3:56pm.
For questions regarding the content of this page, please contact the content editor.