Internal control is
|“||[t]he method of safeguarding business assets, including verifying the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed organizational policies and procedures.||”|
|“||[a] process, affected by an organization's management or other personnel, designed to provide reasonable assurance regarding the achievement of objectives.||”|
The five internal controls are:
|“||access controls, which ensure that only authorized individuals can read, alter, or delete data; configuration management controls, which provide assurance that only authorized software programs are implemented; segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection; continuity of operations planning, which provides for the prevention of significant disruptions of computer-dependent operations; and an agencywide information security program (security management), which provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented.||”|
- ↑ Auditing and Financial Management: Glossary of EDP Terminology, at 9.
- ↑ Playbook: Enterprise Risk Management for the U.S. Federal Government, at 105.
- ↑ Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems, at 9 n.15.