New IFAC Publication Provides Support for Professional Accountants Improving Internal Control

    Filter By


    IFAC in the News

    by Vincent Tophoff, Senior Technical Manager, IFAC

    Sep 11, 2012
    Article for Member Bodies


    PAIB Committee


    Find more news & events related to:
    risk management and internal control, PAIB

    Keep Updated
    Get the latest news delivered to your inbox.

    Get the latest updates delivered straight to your inbox

    New IFAC Publication Provides Support for Professional Accountants Improving Internal Control

    Evaluating and Improving Internal Control in Organizations

    The Professional Accountants in Business (PAIB) Committee of the International Federation of Accountants (IFAC) has issued new International Good Practice Guidance (IGPG), Evaluating and Improving Internal Control in Organizations, highlighting areas where the practical application of existing internal control standards and frameworks often fails in many organizations.

    This new guidance is important to a professional accountant in business who works with his/her organization to continuously evaluate and improve internal control, and ensure that internal control is an integrated part of the organization’s systems of governance and risk management.

    In this guidance, internal control is defined as “an integral part of an organization’s system of governance and ability to manage risk, which is understood, effected, and actively monitored by the governing body, management, and other personnel to take advantage of the opportunities and to counter the threats to achieving the organization’s objectives.” Better integrated internal control can save the organization time and money, and promote the creation and preservation of value.

    At the heart of the IGPG are nine key principles for evaluating and improving internal control systems (see Key Principles) complemented by guidance on how to implement them. Questions that the guidance is designed to help answer are:

    • What should be the scope of internal control?
    • Who should be responsible for internal control?
    • How should controls be selected, implemented, and applied?
    • How can internal control be better ingrained into the DNA of the organization?
    • How should the organization report on internal control performance?

    Evaluating and improving internal control are among the core competencies of many professional accountants in business. Therefore, professional accountants can play a leading role in ensuring that internal control forms an integral part of an organization’s governance system and risk management. With an integrated, organization-wide approach to risk management and internal control, professional accountants in business also encourage the practice that risks be viewed and treated in a more holistic way; that is, with improved internal control.

    The guidance concludes with a limited list of relevant resources from IFAC, its member bodies, and other relevant organizations. It can be downloaded free of charge from


    Key Principles of Evaluating and Improving Internal Control

    The principles below represent good practice for evaluating and improving systems for internal control.

    1. Internal control should be used to support the organization in achieving its objectives by managing its risks, while complying with rules, regulations, and organizational policies. The organization should therefore make internal control part of risk management and integrate both in its overall governance system.
    2. The organization should determine the various roles and responsibilities with respect to internal control, including the governing body, management at all levels, employees, and internal and external assurance providers, as well as coordinate the collaboration among participants.
    3. The governing body and management should foster an organizational culture that motivates members of the organization to act in line with risk management strategy and policies on internal control set by the governing body to achieve the organization’s objectives. The tone and action at the top are critical in this respect.
    4. The governing body and management should link achievement of the organization’s internal control objectives to individual performance objectives. Each person within the organization should be held accountable for the achievement of assigned internal control objectives.
    5. The governing body, management, and other participants in the organization’s governance system should be sufficiently competent to fulfill the internal control responsibilities associated with their roles.
    6. Controls should always be designed, implemented, and applied as a response to specific risks and their causes and consequences.
    7. Management should ensure that regular communication regarding the internal control system, as well as the outcomes, takes place at all levels within the organization to make sure that the internal control principles are fully understood and correctly applied by all.
    8. Both individual controls as well as the internal control system as a whole should be regularly monitored and evaluated. Identification of unacceptably high levels of risk, control failures, or events that are outside the limits for risk taking could be a sign that an individual control or the internal control system is ineffective and needs to be improved.
    9. The governing body, together with management, should periodically report to stakeholders the organization’s risk profile as well as the structure and factual performance of the organization’s internal control system.

    About International Good Practice Guidance

    International Good Practice Guidance (IGPG) issued by the PAIB Committee cover areas of international and strategic importance in which professional accountants in business are likely to engage. In issuing principles-based guidance, IFAC seeks to foster a common and consistent approach to those aspects of the work of professional accountants in business not covered by international standards. IFAC seeks to clearly identify principles that are generally accepted internationally and applicable to organizations of all sizes in commerce, industry, education, and the public and not-for-profit sectors. Previously issued IGPG are available on the IFAC website, including Preface to IFAC’s International Good Practice Guidance.

    About the PAIB Committee

    The PAIB Committee serves IFAC member bodies and professional accountants worldwide who work in commerce, industry, financial services, education, and the public and the not-for-profit sectors. Its aim is to promote and contribute to the value of professional accountants in business by increasing awareness of the important roles professional accountants play, supporting member bodies in enhancing the competence of their members, and facilitating the communication and sharing of good practices and ideas.

    About IFAC

    IFAC is the global organization for the accountancy profession dedicated to serving the public interest by strengthening the profession and contributing to the development of strong international economies. IFAC is comprised of 167 members and associates in 127 countries and jurisdictions, representing approximately 2.5 million accountants in public practice, education, government service, industry, and commerce.


    Copyright © July 2012 by the International Federation of Accountants (IFAC). All rights reserved. Contact for permission to reproduce, store, or transmit this document.


    Related Resources


Important Note: Please read our website Terms of Use.

ALL RIGHTS ARE RESERVED. You may not reproduce, store or transmit in any form or by any means, electronic or otherwise, including photocopying, recording, or storage in any type of reference or information retrieval system, nor may you translate, modify or create derivative works or adaptations based on the text of any file, or any part thereof, without the prior written permission of the International Federation of Accountants (IFAC). Please direct permission requests to See also Permissions Information.