Skip To Content
Register for CMA Research access.
If already registered, login.
Forgot your password?
Return to Login
Internal control mechanisms are the set of tools, authorizations, procedures, and standards designed within a system that regulate processes to provide management, the board of directors, and others with reasonable assurance that the goals and objectives important to the organization will be met.
Internal control mechanisms encompass the suite of policies, processes, culture, tasks, and other aspects of an organization that support the effective achievement of its objectives. They facilitate the efficiency of operations and compliance with applicable laws and regulations, contribute to effective risk management, and strengthen an organization’s capacity to respond appropriately to business opportunities and threats.
The board of directors is ultimately responsible for ensuring that such a system of control mechanisms is properly established and maintained. As part of this responsibility, the board should regularly review the system of internal controls at a high level, to determine that it works as expected and remains appropriate.
Internal control mechanisms aim to provide a suite of tools to systematically ensure that organizational effectiveness is achieved on an ongoing basis. This does not occur in a vacuum and requires the active involvement of both management and its governance structures.
A core control mechanism is monitoring, often done with the assistance of information technology and always based on reporting by team leaders, functional management teams such as risk management, security and finance, compliance teams, internal audit, external audit, board committees, and senior management, including the president and the chief executive officer. Examples of useful internal control reports to be monitored are varied and include the following:
• reports for management on the operations and financial condition;
• performance reports on risk management and other control systems;
• reviews and reports on any significant non-compliance with controls, the organization’s code of
conduct, or laws and regulations;
• internal and external auditors’ opinions on the adequacy of controls for the organization as a whole
and for individual business activities, and follow-ups on their recommendations for improvements;
• views and observations of investors, regulators, industry analysts, and even stakeholders, activists,
media, and social media sources about the organization.
© 2013 Chartered Professional Accountants of Canada (CPA Canada). All rights reserved.
®/TM Registered Trade-Marks/Trade-Marks are owned by Chartered Professional Accountants of Canada (CPA Canada).