A comprehensive definition is given by the Committee of Sponsoring Organisations of the Treadway Commission (COSO Report):
"Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
* Effectiveness and efficiency of operations.
* Reliability of financial reporting.
* Compliance with applicable laws and regulations."
Simply stated, internal controls are those procedures performed every day, for example, filling in a leave form and having it signed and approved by the line manager. These are procedures implemented in order to establish and enhance good business practices.
Internal control can help the University to:
- achieve its strategic objectives;
- prevent resource and asset losses;
- enhance reliable financial reporting;
- ensure compliance with legislation and regulations; and
- avoid impairment of the University's reputation and prevent a lengthy restoration process.
In short: internal control can help the University to achieve its objectives and simultaneously avoid hazards and risks along the way.
The responsibility of the internal auditor concerning internal control is to verify whether the internal control procedures are working effectively and efficiently and to make recommendations to management concerning any deficiencies in the system of internal control.
The responsibility of management on the other hand, is to establish and maintain an effective and efficient internal control system. It is management’s responsibility to update policies and procedures and to promote internal control in order to create awareness among employees that they are part of the internal control process and that they play a vital role in maintaining and improving the control environment.