Internal control is broadly defined as a process, effected by an entity’s board of directors, management,
            and other personnel, designed to provide reasonable assurance regarding the achievement of objectives
            in the following categories:

            1.  Effectiveness and efficiency of operations
            2.  Reliability of financial reporting
                                                              15
            3.  Compliance with applicable laws and regulations
            Internal control is divided into five elements, across the COSO three-way definition, and across the
            business units or activities of the entity (see exhibit 3-5).

            The control environment element is the set of control activities, structures, and standards that
            establishes the tone for internal control across the organization. Control environment includes the
            following factors:


              Communication
              Enforcement of integrity and ethical values (for example, ethics or fraud policy)
              Competency of employees
              Management philosophy and style
              Assigning authority and responsibility
              Organizational structure
              Professional development of employees
              BoD involvement

            The control environment is associated with the element of ITGC by the same name. The COSO details of
            this element potentially can be used to develop audit procedures or benchmarks for the CITP in
            evaluating controls at the entity level.

































            15
              See www.coso.org/Pages/erm.aspx, accessed August 15, 2019.

            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-22