Page 202 - COSO Guidance Book
P. 202

Paragraph .A78 of AU-C section 315 notes that the control environment within smaller entities is likely to
            differ from that in larger entities. For example, those charged with governance in smaller entities may not
            include an independent or outside member, and the role of governance may be undertaken directly by the
            owner-manager when no other owners exist. The nature of the control environment also may influence
            the significance of other controls or their absence. For example, the active involvement of an owner-
            manager may mitigate certain risks arising from a lack of segregation of duties in a small entity; however,
            it may increase other risks (for example, the risk of override of controls). In addition, audit evidence for
            elements of the control environment in smaller entities may not be available in documentary form, in
            particular when communication between management and other personnel may be informal, yet
            effective. For example, smaller entities might not have a written code of conduct but, instead, develop a
            culture that emphasizes the importance of integrity and ethical behavior through oral communication
            and by management example. Consequently, the attitudes, awareness, and actions of management or
            the owner-manager are of particular importance to the auditor’s understanding of a smaller entity’s
                                3
            control environment.
            The framework’s principles and associated points of focus for the control environment component of
            internal control are discussed in detail in the following material. Examples have been provided to
            illustrate select points of focus in the discussion to follow.




            Control environment principle 1: Demonstrates commitment to

            integrity and ethical values

            The first principle of the control environment: “The organization demonstrates a commitment to integrity
            and ethical values.”

            The framework provides the following four points of focus that relate to the integrity and ethical values
            principle:

              Point of focus — Sets the tone at the top

               The board of directors and management at all levels of the entity demonstrate through their
               directives, actions, and behavior the importance of integrity and ethical values to support the
               functioning of the system of internal control.

               The framework states that the tone at the top and throughout the organization is fundamental to the
               functioning of an internal control system. Without a strong tone at the top to support a strong culture
               of internal control, awareness of risk can be undermined, responses to risks may be inappropriate,
               control activities may be ill-defined or not followed, information and communication may falter, and
               feedback from monitoring activities may not be heard or acted on. Therefore, tone can be either an
               impetus or an obstacle to internal control.

               The framework states that tone is affected by the operating style and personal conduct of
               management and the board of directors, which send a message to the rest of the organization.


            3
              Op. cit., AU-C section 315.

            © 2020 Association of International Certified Professional Accountants. All rights reserved.    3-4
   197   198   199   200   201   202   203   204   205   206   207