likelihood of the threat. Overview of Control Concepts Internal controls are the processes implemented to provide reasonable assurance that the following control objectives are achieved Safeguard assets—prevent or detect their unauthorized acquisition, use, or disposition Maintain records insufficient detail to report company assets accurately and fairly Provide accurate and reliable information Prepare financial reports in accordance with established criteria Promote and improve operational efficiency Encourage adherence to prescribed managerial policies Comply with applicable laws and regulations. Internal control is a process because it permeates an organization’s operating activities and is an integral part of management activities. Internal control provides reasonable assurance—complete assurance is difficult to achieve and prohibitively expensive. In addition, internal control systems have inherent limitations, such as susceptibility to simple errors and mistakes, faulty judgments and decision making, management overrides, and collusion. Developing an internal control system requires a thorough understanding of information technology (IT) capabilities and risks, as well as how to use IT to achieve an organization’s control objectives. Accountants and systems developers help management achieve their control objectives by (1) designing effective control systems that take a proactive approach to eliminating system threats and that detect, correct, and recover from threats when they occur and (2) making it easier to build controls into a system at the initial design stage than to add them after the fact. Internal controls perform three important functions: