Page 201 - COSO Guidance Book
P. 201

  Covers in detail risk oversight and the linkages between risk and performance to help allocate
               resources to support internal control in the achievement of the entity’s objectives.
              Emphasizes the need to consider internal control across the complexities in organizational structure
               resulting from different business models and the use of outsourced service providers, business
               partners, and other external partners.
              Aligns roles and responsibilities discussed in organizational structure with the information so that
               major roles are used consistently within the framework.



            Knowledge check


            1.  What does the framework do?

                   a.  Explains the linkages between the components of internal control to stress the foundational
                       aspect of the control environment.
                   b.  Condenses the discussion of governance roles in an entity due to the commonalities among
                       various entities.
                   c.  Deemphasizes the linkages between risk and performance to allocate resources to achieve
                       objectives.
                   d.  Notes that internal control need not include consideration of outsourced service providers and
                       other external parties.




            The control environment

            The framework notes that the control environment is the set of standards, processes, and structures that
            provide the basis for carrying out internal control across the organization. The board of directors (those
            charged with governance) and senior management establish the tone at the top regarding the
            importance of internal control including expected standards of conduct. Management reinforces
            expectations at the various levels of the organization. The control environment comprises the integrity
            and ethical values of the organization; the parameters enabling the board of directors (those charged
            with governance) to carry out its oversight responsibilities; the organizational structure and assignment
            of authority and responsibility; the process for attracting, developing, and retaining competent individuals;
            and the rigor around performance measures, incentives, and rewards to drive accountability for
            performance. The resulting control environment has a pervasive impact on the overall system of internal
            control.

            The control environment is the foundation for the other components of internal control. If there is a
            weakness in the control environment, then this weakness might negate the effectiveness of other
            components of an internal control system. For example, consider a hypothetical case of an entity that
            has management who lacks integrity and ethical values. It also does not have effective oversight of
            management by those charged with governance. If this is the case, then it might be irrelevant if an
            effective control activity (control activities are a component of internal control) is in place (such as
            depositing cash daily in the bank) because management can override this control.






            © 2020 Association of International Certified Professional Accountants. All rights reserved.    3-3
   196   197   198   199   200   201   202   203   204   205   206