Definitions[]
Internal control is
“ | [t]he method of safeguarding business assets, including verifying the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed organizational policies and procedures.[1] | ” |
“ | [a] process, affected by an organization's management or other personnel, designed to provide reasonable assurance regarding the achievement of objectives.[2] | ” |
Overview[]
The five internal controls are:
“ | access controls, which ensure that only authorized individuals can read, alter, or delete data; configuration management controls, which provide assurance that only authorized software programs are implemented; segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection; continuity of operations planning, which provides for the prevention of significant disruptions of computer-dependent operations; and an agencywide information security program (security management), which provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented.[3] | ” |