Control structures are necessary in business to ensure that procedures are followed and goals achieved. An individual control structure reflects policies and procedures for the specific organization and takes into account such factors as the financial health of the business, compliance with external regulations and company communication. Five basic control structures help organizations identify strengths as well as pinpoint areas for improvement.


The most important control structure in any business is the overall environment. In the internal control environment, decisions reflect the priorities that business owners and senior management give to each function within the company. Controls in a highly regulated industry will be tighter than in an industry that has minimal government intervention. Whether highly formal or relaxed, the environment of a business must be well planned and communicated within the company. Large companies make environmental decisions in multiple areas, such as legal, human resources and financial departments.


An important control structure is a periodic audit. Whether performed by a department within the organization or contracted to an outside vendor, audits ensure that employees are following company policies and that procedures are appropriately set in place and understood. Some business owners hire outside audit assistance to get an objective assessment of the company.


Each business must impart information to employees.Therefore, communication is a crucial element of control structure in any organization. Training classes and/or employee handbooks are effective ways to communicate control structure. A business must decide, based on regulations and the wishes of senior management, whether training will be formal or informal. For smaller companies, however, training classes might not be feasible or necessary.


Risk assessment is an essential control structure. Legal and financial risks to a company can be catastrophic. A business needs to determine potential situations in these areas and what actions will be taken if a case develops. Risk assessment includes a periodic audit of bookkeeping as well as compliance with all legal matters and industry regulations.

Control activities

Control activities ensure the policies and procedures that might impact financial and legal risks are understood and followed. These activities are mandated by senior management to guarantee that each facet of the organization is legally and financially protected and adheres to standards and regulations. Examples of control activities include yearly budgets from all departments or a legal checkpoint for client correspondence. Control activities will vary in scope and priority depending on the individual organization and the industry in which it participates.