Definitions Edit

Internal control is

[t]he method of safeguarding business assets, including verifying the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed organizational policies and procedures.[1]
[a] process, affected by an organization's management or other personnel, designed to provide reasonable assurance regarding the achievement of objectives.[2]

Overview Edit

The five internal controls are:

access controls, which ensure that only authorized individuals can read, alter, or delete data; configuration management controls, which provide assurance that only authorized software programs are implemented; segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection; continuity of operations planning, which provides for the prevention of significant disruptions of computer-dependent operations; and an agencywide information security program (security management), which provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented.[3]

References Edit

  1. Auditing and Financial Management: Glossary of EDP Terminology, at 9.
  2. Playbook: Enterprise Risk Management for the U.S. Federal Government, at 105.
  3. Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems, at 9 n.15.

See also Edit