5 categories of internal control

Five categories of internal control, developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), are used in combination to help an organization meet its needs. Together, they make up the internal control structure of a board.

In their book “The Best of Boards,” Marci Thomas and Kim Strom-Gottfried lay out the five categories and the roles they play:

  • Control Environment: This sets the tone from the top of the organization. This type of control includes integrity and ethical values, commitment to competence, and management’s philosophy and operating style. The boards that combat fraud best have a strong control environment.
  • Risk Assessment Process: This refers to the process the organization goes through to identify the risks that would prevent it from meeting its objectives. Examples of this could be internal factors such as lack of diversity of funding sources or turnover in key positions.
  • Information Controls: These types of controls are necessary to initiate, authorize, process, record, and report transactions and events in financial statements and to communicate the results to management and employees.
  • Communication Controls: These involve the quality of communications between multiple sources. These can be the board and management, the board and external and internal auditors, and management and donors. Two-way communication is essential to ensure transparency and accountability on a board.
  • Monitoring: This occurs when management follows up to determine whether the nonprofit’s staff members are performing their duties as expected. Monitoring is one of the most important aspects of internal control.


