Internal control is a system of integrated elements—people, structure, processes, and procedures—acting together to provide reasonable assurance that an organization achieves its business process goals. The design and operation of the internal control system is the responsibility of top management and therefore should:
- Reflect management’s careful assessment of risks.
- Be based on management’s evaluation of costs versus benefits.
- Be built on management’s strong sense of business ethics and personal integrity.
Before discussing two key elements of the definition, which we call control goals and control plans, let’s pause to examine the underpinnings of the system—namely, its ethical foundation. As you read this section, consider the events that unfolded at Enron.