top of page
  • Writer's pictureCCS

Internal Control Components: Monitoring

Updated: Dec 31, 2022

Monitoring assesses the effectiveness of the internal control’s performance over time.

The objective is to ensure that the controls are working properly and, if not, to take necessary corrective actions.

Monitoring provides feedback to management on whether the internal control system they have designed to mitigate risks is:

  • Effective in addressing the stated control objectives;

  • Properly implemented and understood by employees;

  • Being used and complied with daily; and

  • In need of modification or improvement to reflect changes in conditions.

Management accomplishes the monitoring of controls through ongoing activities, separate evaluations (including the use of an internal audit function), or a combination of these two.

Ongoing monitoring activities in smaller entities are informal and are usually built into the normal recurring activities of an entity.

This includes regular management and supervisory activities and reviewing exception reports that the information system may produce.

Where management is closely involved in operations, they will often identify significant variances from expectations and inaccuracies in financial data and take corrective action to modify or improve the control.

Periodic monitoring (separate evaluations of specific areas within the entity, such as those performed by an internal audit function in a larger company) is not common in smaller entities.

However, periodic evaluations of critical processes could be conducted by qualified employees not directly involved in those processes or by hiring an external and suitably qualified person.

Management’s monitoring activities may also include the use of information from external parties that indicates problems or highlights areas needing improvement. Examples of this could include:-

  • Complaints from customers;

  • Comments from governing bodies such as franchisors, financial institutions, and regulators; and

  • Communications relating to internal control from external auditors and consultants.

Sources of Information Used for Monitoring

The entity’s information system will produce much of the information used in monitoring.

Management may tend to assume that this information is accurate.

If this information is not accurate, there is a risk that management could reach incorrect conclusions and make poor decisions.

Accordingly, when the auditor is evaluating the monitoring of controls, an understanding is required of:-

  • The sources of the information related to the entity’s monitoring activities; and

  • The basis upon which management considers the information sufficiently reliable for the purpose.




  • 有效地实现了既定的控制目标。

  • 正确执行并被员工理解。

  • 每天都在使用和遵守;以及

  • 是否需要修改或改进以反映情况的变化。








  • 来自客户的投诉。

  • 来自管理机构的评论,如特许经营商、金融机构和监管机构;以及

  • 来自外部审计师和顾问的与内部控制有关的通信。






  • 与该实体的监控活动有关的信息来源;以及

  • 管理层认为该信息对于该目的来说足够可靠的依据。

Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |


1. Website ✍️ 2. Telegram ✍️ 3. Facebook ✍

74 views0 comments

Recent Posts

See All


bottom of page