AIA is publishing a series of articles designed to take a quick look at key topics in accountancy, management and finance. Bookmark this page to update your knowledge when you can grab a spare five minutes. If you would like to suggest subjects for future articles, please contact us.


One of the most fundamental requirements of good corporate governance is the maintenance of a satisfactory system of internal controls.

Internal control consists of 5 components:

(a) The control environment

(b) The entity’s risk assessment process

(c) The information system, including the related business processes, relevant to financial reporting, and communication

(d) Control activities

(e) Monitoring of controls.

The management, and those responsible for governance, are obliged to ensure that the company has satisfactory risk assessment processes and an adequate information system incorporating sufficient control activities to ensure that the resultant financial statements present the results fairly (show a true and fair view) and safeguard the assets of the entity.

However, they have an even more important responsibility to ensure that the proper environment is created within the entity to ensure that the controls are properly respected including (and, indeed, especially) by those at the top of the organisation. A poor ‘tone at the top’ (control environment) will undermine even the most elaborate control systems. For example, top management should be seen to go through the same processes as other staff members in relation to claiming a reimbursement of expenses.

Those charged with governance also need to ensure that there is proper monitoring of the controls. This could be described as a system of ‘controls over the controls’ and usually requires the function of internal audit. Thus, it is often said that internal audit is part of internal control. Internal auditors will routinely confirm that, for example, prescribed key tests of controls (sometimes called compliance tests) are carried out as required. An example might be periodic confirmations carried out by the office of Internal Audit that all cash receipts are lodged to the bank on a daily basis.