Internal Control- Integrated Framework, issued September 1992, by
the Committee of Sponsoring Organizations of the Treadway
Commission (COSO) defines internal control as:
“A process, effected by an entity’s board of directors, management
and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations.
Reliability of financial reporting.
Compliance with applicable laws and regulations.
This definition was later supplemented to include not only
reasonable expectation that a management report will not cover only
contract to help ensure that transactions involving the entity’s assets
are properly reflected in the financial statements, but also controls
to help prevent or timely detect unauthorized acquisition, use or
disposition of the underlying assets. Accordingly, for purposes of
public management reporting, the following definition is provided:
Internal control over safeguarding of assets against
unauthorized acquisition, use or disposition is a process,
effected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance
regarding prevention or timely detection of unauthorized
acquisition, use or disposition of the entity’s assets that could
have a material effect on the financial statements.
A related definition of effectiveness is as follows:
Such internal control can be judged effective if the board of
directors and management have reasonable assurance that
unauthorized acquisition, use or disposition of the entity’s
assets that could have been a material effect on the financial
statements is being prevented or detected on a timely basis.
Internal control is not one event or circumstance, but a series of
actions that are inherent in the way management runs the entity.
Internal control is a part of the process of management and is
integrated with them. It should not be viewed as a necessary burden
imposed by regulators or overzealous bureaucrats.
Internal controls are most effective when they are built into the
entity’s infrastructure and as a part of the essence of the enterprise.
They should be “built in” rather than “built on”.
Internal control is affected by people. People establish the entity’s
objectives and put control mechanisms in place. People must know
their responsibilities and limits of authority.
There are limitations inherent in all internal control systems. No
matter how well designed and operated, internal control can provide
only reasonable assurance to management and the board of directors
regarding achievement of an entity’s objectives. Such can be caused
by the realities that human judgment can be faulty, and persons
responsible for establishing internal controls need to consider their
relative costs and benefits, and breakdowns can occur because of
A good system of internal control contains the following features:
1. No person should have complete control over all phases of
any significant transactions.
2. The flow of work should be from one employee to another
so that the work of the second, without duplicating that of
the first, provides a check upon it.
3. Record keeping should be separated from operations or the
handling and custody of assets such as:
a. The function of receiving cash should be
centralized in one person, who should not be
concerned in any way with certifying invoices,
acting as imprest fund cashier, reconciling bank
accounts, approving disbursements, or signing
checks. In this connection, the person who certifies
vouchers, or disburses cash should have oversight by
a person who does none of the previous.
b. At as early a point as possible in mail handling,
preferably at the point where the envelopes are
opened immediately upon receipt, all checks and
negotiable instruments should be stamped with a
restrictive endorsement (such as “DEPOSIT ONLY”),
all cash items should be recorded in duplicate, and
a copy of the receipt delivered to the person
responsible for making bank reconciliations.
c. Periodic examination and count or other review of
cash balances should be made by employees who do
not handle or record cash or sign checks.
4. Physical and mechanical facilities should be used to the
fullest extent possible to insure security and accuracy, such
as using security vaults or safe-cabinets and check-writing
5. Responsibilities should be clearly established and then
accounted for as closely as possible.
6. Other control devices pertaining to cash include:
a. All cash receipts shall be deposited timely and
b. Collections and all other funds held within an
office whether pending regular deposit or in imprest
funds, shall be, where possible, restrictively
endorsed and kept under complete control and
proper safeguards, preferably in a fire resistant
combination safe or safe cabinet.
c. Uncollectible items, such as returned checks, and
the related documents shall not be handled by the
person making up deposits or by the person
handling accounts receivable.
d. Persons preparing payrolls, should not be the person
who records payroll records.
e. Bank statements should be reconciled promptly by
employees who do not handle or record cash or
prepare or sign checks.
f. The number of bank accounts and inter-bank
transfers and inter-fund transfers should be kept to