Accounting Procedures Handbook

4 INTERNAL CONTROL The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding internal control without being overly prescriptive. It does so by providing both understanding of what constitutes a system of internal control and insight into when internal control is being applied effectively. Internal control is not a serial process but a dynamic and integrated process. The Framework applies to all entities: large, mid-size, small, for-profit and not-for- profit, and government bodies. The Framework provides for three categories of objectives, which allow organizations to focus on differing aspects of internal control: • Operations Objectives—These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss. • Reporting Objectives—These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity’s policies. • Compliance Objectives—These pertain to adherence to laws and regulations to which the entity is subject. III. COMPONENTS OF INTERNAL CONTROL The five major components of an effective internal control framework include: • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring A brief overview of each of these components (as outlined in the COSO Internal Control – Integrated Framework Executive Summary) follows. A. Control Environment The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.