Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / Risk Assessment and Internal Control
Microlesson · 5-min read

Components of Internal Control – Monitoring and Control Activities

## Components of Internal Control

Internal control has five components. Two commonly tested in exams are Monitoring of Controls and Control Activities.

---

### Component 1: Monitoring of Controls

Definition: A process to assess the effectiveness of internal control performance over time.

Key features:

  • Assessing whether controls are operating as intended
  • Ensuring controls are modified as appropriate when conditions change
  • Enabling timely remedial action when control deficiencies are found

Exam trigger phrase: "Whether controls are operating as intended and modified for changes in conditions" → Monitoring of Controls

---

### Component 2: Control Activities

Definition: Policies and procedures that help ensure management directives are carried out.

Key feature — Segregation of Duties:

  • The person recording a transaction is different from the person authorising it
  • Prevents misstatements arising from concentration of responsibility in one person

Exam trigger phrase: "Segregation of duties / person recording ≠ person authorising" → Control Activities

---

### All Five Components (for context)

1. Control Environment

2. Entity's Risk Assessment Process

3. Information System and Communication

4. Control Activities ← segregation of duties

5. Monitoring of Controls ← ongoing effectiveness assessment

Worked example

### Example 1

Scenario (i): CA Amit checks whether controls in LMN Ltd. are operating as intended and whether they are modified for changes in conditions. Which component?

Answer: Monitoring of Controls — it is specifically about assessing whether controls remain effective over time and are adjusted when circumstances change.

### Example 2

Scenario (ii): CA Amit checks whether the person recording a transaction is different from the person authorising it. Which component?

Answer: Control Activities — segregation of duties is a core control activity that prevents misstatement by splitting incompatible functions between different individuals.

⚠️ Common exam mistakes

  • Mixing up Monitoring of Controls with the Risk Assessment component — monitoring evaluates whether existing controls work, while risk assessment identifies risks the entity faces.
  • Describing segregation of duties as part of the Control Environment instead of Control Activities.
  • Listing only two or three components when the question asks to 'explain all components of internal control' — all five must be covered.
Reference: — SA 315 – Identifying and Assessing the Risk of Material Misstatement through Understanding the Entity and its Environment
← Previous
Audit of Finance Lease Agreeme
Next →
Control Environment – Componen
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic