Page 237 - COSO Guidance Book
implementation of the segregation of duties control is not practical, then management selects and
develops other control activities.
Control activities serve as a mechanism for managing the achievement of an entity’s objectives and are
very much a part of the processes by which an entity strives to achieve those objectives.
Control activities can assist in the achievement of one or more of the entity’s operations, reporting, and
compliance objectives. For example, an online retailer’s controls over its IT security influence the
processing of accurate and valid consumer transactions, the safeguarding of consumers’ confidential
credit card and other sensitive information, and the availability and security of its website. In this
example, control activities are necessary to support the reporting (accurate and valid consumer
transactions), compliance (safeguarding information in accordance with policies), and operations
(availability of the website) objectives.
The principles and associated points of focus for the control activities component of internal control are
discussed in detail in the following material. Examples are provided to illustrate select points of focus in
the discussion to follow.
Knowledge check
1. The control activity of keeping high-value merchandise in a locked display cabinet at a retail store
achieves which internal control objective?
a. Reporting.
b. Compliance.
c. Operations.
d. Profitability.
Control activities principle 10: Selects and develops control activities
The entity selects and develops control activities that assist in mitigating risks to the achievement of
objectives to appropriate levels.
The following six points of focus emphasize important characteristics relating to this principle:
Point of focus — Integrates with risk assessment
Control activities help ensure that risk responses that address and mitigate risks are carried out.
Control activities are especially aligned with the risk assessment component of internal control.
Management identifies and puts into operation actions needed to implement specific risk responses.
Control activities are designed and placed into operation when the entity desires to reduce or share a
particular risk. Control activities are those actions that help ensure that responses to assessed risks
are performed correctly and within an appropriate time frame.
© 2020 Association of International Certified Professional Accountants. All rights reserved.