Effectiveness of Internal Controls

The most widely respected authority on internal controls is the Committee of Sponsoring Organizations (COSO).
COSO offers the following definition:
Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations

The COSO web site provides extensive articles and other information about the importance of internal control.

Professional auditing standards require external auditors to report any major weaknesses or deficiencies in internal controls to the Audit Committee. Other questions that Audit Committee members may pose to the external auditor, include:

  • What expectations has management set for the design and adherence to sound internal controls?
  • Provide examples of major internal control cycles examined as part of the audit?
  • Were any significant changes in internal controls implemented in the past year?
  • Beyond major weaknesses or deficiencies, did you report other opportunities to management for improving internal controls? Why were these issues not considered to be major weaknesses or deficiencies?
  • How reliable are the information technology systems used to process accounting transactions?