Introduction
Senior executives have long sought ways to better control the enterprises they run. Internal controls are put in place to keep the company on course toward profitability goals and achievement of its mission, and to minimize surprises along the way. Corporate governance has become a top priority for boards of directors, management, auditors, and stakeholders. How can Enterprise Risk Management (ERM) be integrated with internal controls and corporate governance to effectively minimize risk for an organization?
Internal Controls
Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations
Because internal control serves many important purposes, there are increasing calls for better internal control systems and report cards on them. Internal control is looked upon more and more as a solution to a variety of potential problems.
Internal control is, to some degree, the responsibility of everyone in an organization and therefore should be an explicit or implicit part of everyone's job description. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct, or other policy violations or illegal actions (http://www.coso.org/publications/executive_summary_integrated_fram ...