Setting objectives, budgets, plans and other expectations establish criteria for control. Control itself exists to keep performance or a state of affairs within what is expected, allowed or accepted. Internal control structure is a plan determining how internal control consists of these elements.
There are a variety of definitions of internal control, as it affects the various constituencies of an organization in various ways and at different levels of aggregation. The most common are COSO, KonTraG in Germany, ICS in Switzerland etc.
Under the COSO Internal Control-Integrated Framework, internal control is more broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in multiple categories.
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with laws and regulations
"Increasingly firms are moving away from their fixation on “box-ticking” compliance and are working towards integrating ORM into everyday business activities. This has resulted in development of value-based ORM initiatives to justify the required budgets for comprehensive ORM and GRC systems."
Chartis Research, 2009