What are the factors of a control environment?
Show
Before discussing internal control environment let’s briefly review the definition of internal control. COSO (The Committee of Sponsoring Organizations of the Treadway Commission) defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives. More simply, internal control is:
We perform internal controls in our daily lives. For example, you lock the door when leaving the house to ensure the house is safe; you keep the important documents in a locked drawer; and you review the bills before paying to ensure you are not overcharged. Like your personal life, an organization performs internal controls routinely. For example, employees input their passwords before logging in the company system; employees submit day-off request to the supervisor for approval; and the Accounting Manager reviews bank account reconciliations. The 5 Components of Internal ControlBased on the COSO framework, internal control consists of five integrated components:
Of the five components, control environment provides the foundational basis for carrying out internal controls in an organization, because control environment sets the tone of an organization and it is the foundation for all other components of internal control, providing discipline and structure. The board of directors and management establish the control environment through policies, procedures, processes, standards and structures providing the basis for carrying out internal controls in an organization. It is important to understand an organization’s control environment. As an employee, you can understand the working environment and management philosophy through understanding of the control environment. Auditors can set out their responsibilities, identify the areas where special audit consideration may be necessary and assess the risks of misstatement in the financial statements. As an investor, understanding of control environment can help you to evaluate the risks of investing an organization. How to Evaluate an Organization's Control EnvironmentBut how do you evaluate an organization’s control environment? You first need to understand what factors are included in internal control environment. The internal control environment includes five factors.
An organization’s control environment comprises the five factors above and each of them requires careful consideration and evaluation. To help readers to obtain a better understanding of the control environment evaluation, we have prepared a Tone at the Top Evaluation Checklist for download. The checklist is fairly comprehensive and should help any organization to evaluate the “Tone at the Top.” Download Tone at the Top Evaluation Checklist Emma Zhang is an experienced audit professional, with more than six years of internal audit & Sarbanes Oxley (SOX) compliance focusing on operations, accounting, internal controls and process improvement. Competencies include operational auditing, accounting, management consulting, Sarbanes Oxley (SOX) compliance, audit planning and risk assessments, operational/financial planning and analysis, and data analysis. Emma is a resourceful, creative thinker and analytical problem solver with demonstrated ability to independently manage tasks from planning through execution in dynamic, fast-paced, and time-sensitive environments. Emma is a CPA with a CFE certificate. Emma is also a Blackline Certified Implementation Professional and helps clients to implement Blackline system. What are the five control environment principles?The five components of COSO – control environment, risk assessment, information and communication, monitoring activities, and existing control activities – are often referred to by the acronym C.R.I.M.E.
What are the 7 factors to consider in the assessment of controls?Integrity and Ethical Values.. Commitment to Competence.. Management's Philosophy and Operating Style.. Organizational Structure.. Assignment of Authority and Responsibility.. Human Resource Policies and Practices.. What factors should an auditor consider when evaluating the control environment?Control environment factors include the following:. Integrity and ethical values.. Commitment to competence.. Board of directors or audit committee participation.. Management's philosophy and operating style.. Organizational structure.. Assignment of authority and responsibility.. Human resource policies and practices.. What is an effective control environment?An effective control environment is defined as follows: An environment in which competent people understand their responsibilities, the limits of their authority, and are knowledgeable, mindful and committed to doing what is right and doing it the right way.
|