Components of Internal Control:
o The control environment: sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. The control environment includes the attitudes, awareness, policies, and actions of management and the board of directors concerning the entity's internal control and its importance in the entity.
o The entity's risk assessment process: How management identifies risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
o The information system and related business processes relevant to financial reporting and communication: includes the accounting system, consists of the procedures, whether automated or manual, and records established to initiate, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.
o Control activities: policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities, whether automated or manual, have various objectives and are applied at various organizational and functional levels.
o Monitoring of controls: A process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions.