Internal Control Systems As They Relate to Risk Management

Posted on October 12, 2017 By

Tyco, WorldCom, and Enron are usually examples companies that failed due to improper internal controls. Internal handle systems are useful to organizations simply because they identify and correct accounting scams or errors. However, internal settings are useless if risks related to an organization’s routine decisions aren’t monitored. Enterprise risk management (ERM) concentrates on risks to an organization’s procedures and ensures that controls are in location to eliminate, mitigate, or make up for those risks (Louwers, Ramsay, Sinason, & Strawser). Additionally, ERM recognizes and assesses risks to management’s objectives by evaluating internal handle components; control environment, risk evaluation, control procedures, monitoring, and details and communication.

Control Environment

An efficient control environment primarily defines company structure, commitment to competence, project of authority and responsibility, plus internal audit functions. Control conditions are important any type of risk approach since it establishes organizational tone, the foundation associated with organizational internal control, and its reaction to risk (Louwers et al).

Risk Assessment

Risk assessment is the procedure used to estimate the likelihood plus impact of risks on management’s objectives. Risk assessment generally consists of risk-response. After potential risks are usually identified, they become part of a good organization’s risk portfolio. Risk reaction is then used to assess correlations and total impact plus make changes to optimize the danger portfolio (McCarthy, Flynn, and Brownstein).

Control Procedure

Control procedures are activities taken by management to eliminate, reduce, and compensate for risks (Louwers ainsi que al. ). The most frequently utilized control procedures are performance testimonials, segregation of duties, physical handles, and information-processing controls. Performance testimonials gives management the opportunity to execute periodic evaluations of the organization’s goals and ensure they are being met. Segregation of duties separates tasks for example authorization to execute transactions, documenting transactions, and periodic reconciliation associated with existing assets to current quantities to reduce the risk of an personal creating and concealing errors, scams, and misstatements within the organization (Louwers et al. ). Organizations possess physical controls in place to avoid access to documents, inventory, plus specific areas by unauthorized people. Information-processing controls create audit paths and are in place to ensure monetary statement transactions are processed properly.


Monitoring is an ongoing assessment from the quality of an organization’s internal handles. Examples of monitoring controls might include analyzing customer or vendor payment complaints, supervising the accuracy associated with transaction processing, and comparing documented amounts to assets and financial obligations (Louwers et al. ). Monitoring activities are similar to control actions. Unlike control activities, monitoring routines are more in-depth because they include determining weaknesses in other controls. Although supervising includes management related tasks, review committees are generally assigned these jobs.

Information and Communication

Information and conversation are necessary for management to total an organization’s objectives. Information techniques are effective when they consistently provide well-timed, current, accurate, and accessible details related to an organization’s exterior sources. Communication is the means of communicating information to internal and external sources by means of report production and distribution (Louwers et al. ).


Insurance plus portfolio approaches are good tools simply because they give organizations the opportunity to arrange their investments within their tolerated danger range and save costs upon investments that are immaterial and related to their investment objectives. However, these approaches do not provide for regular and timely evaluations that guide up these approaches or make sure that the organization’s objectives are regularly met. To ensure all of a good organization’s objectives are met plus properly handled, implementation of a program that will complement an effective internal handle system and the insurance and profile approaches in necessary.

Cyber Security     , , , , ,