What Are Internal Controls?
Internal controls are policies and procedures designed to provide reasonable assurance that an organization achieves its objectives in three categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.
COSO Framework
The COSO framework identifies five interrelated components: (1) Control Environment — the tone at the top, ethics, oversight; (2) Risk Assessment — identifying and analyzing threats; (3) Control Activities — policies and procedures that address risks; (4) Information & Communication — capturing and sharing relevant data; (5) Monitoring Activities — ongoing evaluation of control effectiveness.
Reasonable Assurance
Internal controls provide REASONABLE assurance, NOT absolute assurance. Limitations include cost-benefit constraints, management override, human error, and collusion among employees.