EN | 中文  

Specialist Accounting & Risk Management

Internal Controls

It is fundamental for a business to have efficient and robust internal control systems in place to ensure effective corporate governance. Growth in the business invites more sophisticated demands and may necessitate the need to update systems and processes in order to address associated business risk factors caused by inadequate internal controls.

The COSO Framework

The five major components of Internal Controls according to COSO Framework are Control Environment, Risk Assessment, Control Activities, Communication and Monitoring. All 17 principles under the five major components are required to be included and functioning effectively in a company’s internal control structure. Each company must address each principle specifically and have a rationalization formally documented if one of the principles is deemed not applicable. The 17 principles consist of the following concepts:

Control Environment

  • Commitment to integrity, ethical values, and behavior of key executives
  • The company maintains appropriate corporate governance and oversight
  • The company creates an appropriate organizational structure and ensures assignment of authority and responsibility
  • Management demonstrates a commitment to competence
  • Accountability is established and enforced

Risk Assessment

  • Appropriate entity-level objectives have been established and communicated
  • A risk assessment process allowing for the identification and analysis of risk has been established
  • Fraud risk is assessed.
  • Established processes exist to identify and analyze internal and external significant changes which may affect the entity

Control Activities

  •  Control activities are designed and developed
    •    General controls over information technology are designed and developed
    •    Policies and procedures set out the control activities


  •  Information systems provide management with relevant external and internal information, and that information is provided to the right people.
    •    Adequate internal communication systems
    •    Appropriate external communication systems


  •  Periodic evaluations of internal control are made.
    •    Management analyzes and communicates known deficiencies and responds appropriately to risks related to those deficiencies.

How can LehmanBrown support with Internal Control Services?

LehmanBrown’s advisory takes a hands-on role in helping to establish or strengthen internal controls. We ensure that assets are safeguarded, bolster the reliability and integrity of financial information, create, build upon and maintain compliance, promote efficient and effective operations, and provide a mechanism for management to monitor the achievement of operational goals and objectives. We achieve this through:

  • Creating a framework of internal control based on a controlled environment (through communication, attitude and examples)
  • Risk assessment (by identifying the areas in which the greatest threat or risk of inaccuracies or loss exist.)
  • Monitoring and reviewing (By performing a periodic assessment, management assures that internal control activities have not become obsolete or lost due to turnover or other factors)
  • Information and communication (clear communication and information is paramount to a good internal control system)

For more information on LehmanBrown’s China Internal Control Services, please contact us at enquiries@lehmanbrown.com


Contact Us