Components of the internal control environment








            1.Control Environment

            This is the attitude of management and their employees regarding the need for internal controls. If the controls
            are taken seriously, this greatly enhances the robustness of the system of internal control.

            2.Risk Assessment

            This is the process of reviewing the business to see where the most critical risks lie, and then designing controls to
            address those risks. This assessment must be conducted on a regular basis, to take into account any new risks
            introduced by changes in the business.

            3.Control Activities
            This is the use of accounting systems, information technology, and other resources to ensure that appropriate
            controls are put in place and operating properly. For example, there may be accounting systems in place to
            periodically conduct inventory audits and fixed asset audits. In addition, there may be off-site backups to minimize
            the risk of lost data.
            4.Information systems

            Information about controls should be communicated to management in a timely manner, so that shortfalls can be
            addressed promptly. The amount of information communicated should be appropriate to the needs of the
            recipient.
            5.Monitoring

            This is the set of processes used by management to examine and assess whether its internal controls are
            functioning properly. Ideally, management should be able to spot control failures and make adjustments to
            improve the control environment.