Internal control is a process designed to provide reasonable assurance regarding the

achievement of objectives in the following categories:

· Effectiveness and efficiency of operations

· Reliability of financial reporting

· Compliance with applicable laws and regulations

Several key points should be made about this definition:

1. People at every level of an organization affect internal control. Internal control is, 

to some degree, everyone's responsibility.  Within the University of California,

administrative employees at the department-level are primarily responsible for

internal control in their departments.

2.  Effective internal control helps an organization achieve its operations, financial 

reporting, and compliance objectives. Effective internal control is a built-in part of 

the management process (i.e., plan, organize, direct, and control).  Internal control

keeps an organization on course toward its objectives and the achievement of its

mission, and minimizes surprises along the way.  Internal control promotes

effectiveness and efficiency of operations, reduces the risk of asset loss, and helps to 

ensure compliance with laws and regulations.  Internal control also ensures the

reliability of financial reporting (i.e., all transactions are recorded and that all recorded 

transactions are real, properly valued, recorded on a timely basis, properly classified, 

and correctly summarized and posted).

3. Internal control can provide only reasonable assurance - not absolute assurance -

regarding the achievement of an organization's objectives. Effective internal control 

helps an organization achieve its objectives; it does not ensure success.  There are 

several reasons why internal control cannot provide absolute assurance that objectives 

will be achieved: cost/benefit realities, collusion among employees, and external

events beyond an organization's control.