Assessable Unit

Identifiable segments or functions of an organization with a defined purpose that aid in the accomplishment of its mission.  Assessable units are not usually the functional sub-units found on an organization chart, but are segments of them. An assessable unit should be large enough to allow managers to evaluate a significant portion of the activity being examined, but not so large that managers cannot perform a meaningful evaluation without extensive time and effort.

Control Activities

Control activities are tools – both manual and automated – that help identify, prevent or reduce the risks that can impede accomplishment of the organization’s objectives.

Control Environment

The attitude toward internal control and control consciousness established and maintained by the management and employee of an organization.  It is a product of management’s governance, that is, its philosophy style and supportive attitude, as well as the competence ethical values, integrity and morale of the people of the organization.

Detective Controls

Controls designed to detect errors and irregularities which have already occurred and to assure their prompt attention.  Detective controls supply the means with which to correct data errors, modify controls or recover assets.

Internal Audit

An independent appraisal activity supported by management to review an organization’s operations as a means of assuring conformance with management policies and the effectiveness of internal control systems.  An internal audit tests the reliability of the internal control system, identifies material weaknesses, and includes recommendations to improve those controls to promote adherence to prescribed policies and procedures.

Internal Controls

The steps taken by an organization to provide reasonable assurance that the organization functions in an efficient and appropriate manner consistent with its policy objectives, applicable laws, regulations and related policies and procedures.  The methods used to successfully organize and manage daily operations.  Internal controls are an integral part of the operating procedures management uses to achieve its objectives and prevent undesirable results.

Internal Control Review

An ongoing and in-depth review activity to evaluate the adequacy of internal controls and to identify internal control weaknesses and the actions needed to correct these weaknesses. An internal control review may include narratives, questionnaires, and flowcharts to document the risks and control activities.

Mission

The reason and organization exists.  It provides a sense of direction and purpose to all members of the organization, regardless of their position, and provides guidance when making critical decisions.

Preventative Controls

Controls designed to keep errors or irregularities from occurring in the first place.  They are built into internal control systems and require a major effort in the initial design and implementation stages.  Once in place, these controls do not require significant ongoing investment.

Vulnerability (risk) Assessment

The methodology followed by management to determine the relative susceptibility of programs, functions, or organizational entities to conscious or unintended abuse, or misuse through misappropriation of assets, accounting or reporting errors, or reduced operational efficiency. Risk analysis is another term for this type of activity.