Page 193 - COSO Guidance Book
P. 193

The control environment is the set of standards, processes, and structures that underpin internal control
            across the organization. It is the foundation for the other components of internal control. It sets the tone
            of the organization. It is pervasive. A weakness in the control environment might negate the effectiveness
            of the other components of internal control.

            The risk assessment process is concerned with the identification, analysis, and response to the risk of
            material misstatement in the financial statements. Risk assessment focuses on the objectives of the
            entity and the risks to achieving those objectives.
            Control activities are actions established by policies and procedures. Control activities help to carry out
            management’s directives that mitigate the risks to the predefined objectives of the entity. Control
            activities can be performed across all levels of the entity.

            Information and communication are crucial to successfully achieving an entity’s objectives. Information is
            necessary for the entity to carry out internal control responsibilities. Communication can be external or
            internal and provides the entity with the information it needs to enable its system of internal control.

            Monitoring activities are performed by numerous individuals. Management, the board of directors, and
            internal auditors exemplify those involved in the monitoring function. Management is responsible for
            monitoring controls, which have been identified and designed to prevent or detect material
            misstatements in the accounts and disclosures and related assertions contained in the financial
            statements.

            There is a sequential ordering of these components of internal control. The foundation of internal control,
            the control environment, is pervasive to all components of internal control. The risk assessment process
            requires that barriers to achieving the objective (for example, the goal of reliable financial reporting) be
            identified. Control activities help ensure that these risks will be prevented or detected and corrected in a
            timely manner. Information and communication allow communication to management and others who
            will take action on information concerning the internal control system. Finally, monitoring provides
            assurance that the internal control system will continue to operate as designed.




            Knowledge check


            1.  What is the control environment referred to in the framework?
                   a.  A set of standards, processes, and structures that provides the basis for carrying out internal
                       control.
                   b.  A process concerned with the identification, analysis, and response to risk.
                   c.  A process that helps to carry out the management directives to mitigate the risks to the
                       predefined objectives of the entity.
                   d.  An internal or external means used to provide the entity with the information it needs to
                       enable its system of internal control.








            © 2020 Association of International Certified Professional Accountants. All rights reserved.    2-5
   188   189   190   191   192   193   194   195   196   197   198