Internal Control

Internal Controls are a critical piece of every organizations operation. Designed to provide reasonable assurance regarding the achievement of objectives, internal controls are the “checks and balances” put in place by an entity’s board of directors, management and other personnel. These “checks and balances” are incorporated into daily tasks and if properly designed and operating effectively, provide the board of directors and management reasonable assurance that the organization is operating efficiently and effectively, financial reports are reliable and the organization has complied with applicable laws and regulations.

This page is dedicated to the promotion of internal controls within Solano County.  The information below will provide a resource for management and other personnel in achieving their responsibility for designing and operating a strong system of controls.

The 5 Components of Internal Control

COSO developed a model for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control. 

COSO is the Committee of Sponsoring Organizations of the Treadway Commission and is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on internal control, enterprise risk management, and fraud deterrence designed to improve organizational performance and oversight and to reduce the extent of fraud in organizations.

A system of internal control has five components. An accountant must be aware of these components when designing an accounting system, as does anyone who audits
the system. The components of an internal control system are as follows:

  • Control environment - This is the attitude of management and their employees regarding the needs for internal controls. 
  • Risk assessment - This is the process of reviewing the business to see where the most critical risks lie, and then designing controls to address those risks.
  • Control activities - This is the use of accounting systems, information technology, and other resources to ensure that appropriate controls are put in place and operating properly.
  • Information and communication - Information about controls should be communicated to management in a timely manner, so that shortfalls can be addressed promptly.
  • Monitoring - This is the set of processes used by management to examine and assess whether its internal controls are functioning properly.

Segregation of Duties

Segregation of duties helps prevent fraud, waste, and abuse in the internal control system. Management should separate control activities related to authority, custody, and accounting of operations to achieve adequate segregation of duties.

Segregation of duties can address the risk of management override. Management override circumvents existing internal controls and increases fraud risk. Management addresses this risk through segregation of duties, but cannot absolutely prevent it because of the risk of collusion, where two or more employees act together to commit fraud.

If segregation of duties is not practical within an operational process because of limited personnel or other factors, management designs alternative control activities to address the risk of fraud, waste, or abuse in the operational process.