Internal control activities are designed to provide reasonable assurance that particular objectives are achieved, or related progress understood. The specific target used to determine whether a control is operating effectively is called the control objective. Control objectives fall under several detailed categories; in financial auditing, they relate to particular financial statement assertions, but broader frameworks are helpful to also capture operational and compliance aspects:
Existence (Validity): Only valid or authorized transactions are processed (i.e., no invalid transactions)
Occurrence (Cutoff): Transactions occurred during the correct period or were processed timely.
Completeness: All transactions are processed that should be (i.e., no omissions)
Validation: Transactions are calculated using an appropriate methodology or are computationally accurate.
Right & Obligations: Assets represent the rights of the company, and liabilities its obligations, as of a given date.
Presentation & Disclosure (Classification): Components of financial statements (or other reporting) are properly classified (by type or account) and described.
Reasonableness-transactions: or results appear reasonable relative to other data or trends.
For example, a control objective for an accounts payable function might be: “Payments are only made to authorized vendors for goods or services received.” This is a validity objective. A typical control procedure designed to achieve this objective is: “The accounts payable system compares the purchase order, receiving record, and vendor invoice prior to authorizing payment.”
Management is responsible for implementing appropriate controls that apply to transactions in their areas of responsibility. Internal auditors perform their audits to evaluate whether the controls are designed and implemented effectively to address the relevant objectives.