Internal control
Internal control is a system for increasing likelihood that a goal-oriented process works as planned. It contributes to achievement of objectives and other expectations set to the process, including expectations about acceptable or allowed behavior [1].
Concept of internal control has been associated primary with financial management. Nowerdays it is generally agreed that internal control is most important for the business itself.
Frameworks
Frameworks, also called models, have emerged to make it easy to examine internal control and to communicate about it. According to these frameworks internal control has objectives derived from business needs: ensuring achievement of expectations as regards operational effectiveness and efficiency, reporting, and compliance with laws, regulations and rules. These objectives are aspired after with elements that can be put in three categories: behavior of employees and management, information needed for control, and various control activities.
Examples of internal control frameworks and models are
- COBIT: Control Objectives for Information and related Technology (COBIT) by IT Governance Insitute (1996, 1998, 2000)
- ECAR: ECAR model by Matti Mattila
- CoCo: Guidance on Control by The Canadian Institute of Chartered Accountants (1995)
- COSO IC: Internal control - integrated framework by Committee of Sponsorng Organizatons of the Tradway Commission (1992)
References
[1] Matti Mattila: Tehtävänä valvonta (1997)