INTERNAL CONTROL ASSESSMENTS
Internal control is the fundamental idea that underlies the entire financial and operational structure of the organization as indicated by IBM’s Chairman of the Board and Chief Financial Officer signing this statement. 

Internal control is a process designed to assure reasonable confidence regarding the following:

• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations

Internal control assessments evaluate these 5 interrelated elements of effectiveness: 

• Control environment.  Senior management sets the tone for vision, mission, quality, ethics, goals, and controls. Daily operational control defers to the people who know the process or a product – the process owners. 
• Risk assessment.  Risk management is the fundamental objective of all managers in the next few years.  The precondition to effective risk management is identified core processes, stabilized processes, capable processes, and control of process variation. 
• Control activities.  Control activities are the people, policies, suppliers and other factors that ensure that risks are identified, monitored, and mitigated throughout the project, product, or contract lifecycle.  Controls may include approvals, authorizations, validation, verification, reconciliation, and segregation of authorities.
• Information and communication.  No information and no communication – no control.  It’s that simple. 
• Monitoring.  Internal controls systems and processes must be monitored.  It’s not enough to have a process out of control or worse that it is noncompliant with a specification or standard.  Ongoing monitoring should ensure corrective and preventive actions.