Contact Us



An Organization’s Internal Control Environment

What are Internal Controls?

The preparation of reliable financial information is a key responsibility held by every company’s management and thus the accuracy of that information is imperative. Internal Controls over Financial Reporting (“ICFR”) refers to the controls specifically designed to mitigate the risks that may arise in relation to financial reporting processes. To attain accuracy and instil confidence in a company’s financial information, it becomes vital for every process within the finance function to encompass robust internal controls.

The 5 Components of Internal Controls

Control Environment comprises of a company’s core values, policies and procedures, and the overall organizational structure. “Tone at the Top” is also a key component of the company’s control environment, demonstrating management’s commitment to the company’s core values and ethics. Risks may arise in a company where the control environment is perceived as being weak.

Risk assessment is a vital tool used to identify risks at several levels of the organization or within a specific process. Further, the risk assessment identifies the established internal controls for each risk and assesses the adequacy of each.

Control activities are developed by management to assist in the deterrence of the risks identified within the risk assessment. These activities include the implementation of and the adherence to internal policies and procedures.

Information and communication is imperative for any organization to assess and ultimately support its internal controls. Maintaining and communicating accurate information enables management to execute in a timely and informed manner.

Monitoring relates to the ongoing assessment of the organization’s internal controls to ensure that deviations to the internal control components are identified and addresses.

Types of Internal Controls

Preventative controls are proactive and attempt to deter or mitigate fraud risk, including the misappropriation of assets. Examples of preventative controls includes segregation of duties, system access controls and appropriate approvals and delegation of authority for specific transactions.

Detective controls are designed to identify errors or irregularities after the transaction has occurred. Once the preventative controls are in place, detective controls are essential since they determine whether the preventative controls are operating effectively. Examples of detective controls include bank reconciliations, physical inventory counts, monthly account reconciliations and internal audits.

Corrective controls are implemented in the event that errors and/or irregularities have been identified. Corrective controls include updating policies and procedures and taking disciplinary action to ensure the corrective measures are being enforced going forward.

The key functions in finance where companies should consider implementing controls include:

  • Cash collections and handling
  • Accounts payables
  • Accounts receivables
  • Inventory and cost management
  • Payroll
  • Asset management
  • Journal entry and financial statement review
GG Observations

While most business owners focus mainly on a company’s efficiency and profitability, it becomes just as crucial to understand the internal controls related to underlying processes that contribute to the efficiency and profitability. Established internal systems should be in place to ensure that the organization’s processes function effectively through a robust internal control system. Our team of professionals can assist you in assessing your current internal control environment and providing recommendations on where to strengthen your controls.

Share This Post



Alessandra Leggio

CPA, CA, CPA (Florida), CAMS, CFE, CFI

Related Publications