Professional Documents
Culture Documents
Consideration of Internal Control Questions
Consideration of Internal Control Questions
Kindly discuss your learning about the COSO internal control framework based on the lecture. *
10 points
The COSO Internal Control Framework focuses on five integrated components including the
Control Environment, Risk Assessment, Control Activities, Information & Communication, and
Monitoring Activities, which are not only applied on the top level management but all the
members of the organization such as the entity level, division level, operating unit, and function
unit. The COSO framework also classifies internal control objectives intro three groups namely
operations, reporting and compliance.
The Control Environment is the foundation of internal control, providing discipline and
structure that can be seen in the entity's and members' working environments. It refers to
management's and those in charge of governance's attitudes, awareness, and actions about the
entity's internal control and its significance. All other controls suffer in the absence of a good
control environment. Integrity and ethical values, management philosophy and opening style,
active participation of those charged with governance, commitment to competence, personnel
policies and procedures, and assignment of responsibility and authority or organizational
structure are all factors reflected in the control environment.
Every entity, regardless of size, structure, nature, or sector, faces risks at every level of their
organization. As a result, management must pay close attention to risks at all levels of the
organization and take the appropriate steps to control them. Risk Assessment involves the
organization’s analysis of the risks posed by internal and external changes, the ability to
establish objectives and determine their suitability for your business and the process for
weighing risks versus risk tolerances. All entities, regardless of size, structure, nature or
industry, encounter risks at all levels within their organizations.
Control activities are the policies and procedures that help ensure that management directives
are carried out. Control procedures relevant to financial statement audit are performance
reviews, information processing, physical controls and segregation of duties. Wherein in
performance reviews, an example would be a review the actual performance versus budgets,
forecasts and prior period performance, together with analyses of the relationships and
investigative and corrective actions. Information processing is done to check accuracy,
completeness, and authorization of transactions. Physical controls encompass the physical
security of assets, for example vaults, anti-theft sensor for clothes, password, and a CCTV
camera, whereas these can be classified into preventive, corrective and detective function of
controls. Lastly control activities would be the segregation of duties; as an external auditor, we
should be aware that various persons are in charge of asset handling, bookkeeping, and the
comparison or authorization of transactions.
Control Environment
Operations
Reporting
Compliance
Risk Assessment
Control Activities
Monitoring Activities
Entity Level
Division
Operating Unit
Function
The COSO Internal Control Framework focuses on the following integrated components such
as the Control Environment, Risk Assessment, Control Activities, Information & Communication,
and Monitoring Activities, which are applied to all members of the organization, including
entity, division, operating unit, and function unit. Internal control goals are divided into three
categories in the COSO framework including operations, reporting, and compliance.
The Control Environment is the foundation of internal control, providing discipline and
structure that can be seen in the entity's and members' working environments. It refers to
management's and those in charge of governance's attitudes, awareness, and actions about the
entity's internal control and its significance. All other controls suffer in the absence of a good
control environment. Integrity and ethical values, management philosophy and opening style,
active participation of those charged with governance, commitment to competence, personnel
policies and procedures, and assignment of responsibility and authority or organizational
structure are all factors reflected in the control environment.
Every company, regardless of size, nature, structure, or sector, faces risks at all stages of its
operations. As a result, management must keep a keen eye on risks at all levels of the
organization and take the appropriate actions to reduce them. The ability to create targets and
determine their feasibility for your business, as well as the technique for comparing risks with
risk tolerances, are all part of risk assessment. For information and communication, employers
must interact with workers and vice versa within a time period that allows them to carry out
their duties because effective internal control must give timely information and communication
that helps guarantee that exceptions are reported and acted on.
Control activities are the rules and processes that aid in the implementation of management
instructions. Performance evaluations, information processing, physical controls, and
segregation of duties are all control techniques pertinent to financial statement auditing. In
performance reviews, for example, a review of actual performance versus budgets, predictions,
and past period performance, as well as analysis of the relationships and investigative and
corrective activities, would be an example. The processing of information is done to ensure the
correctness, completeness, and authorization of transactions. Physical controls include the
physical protection of assets, such as vaults, anti-theft sensors for clothing, passwords, and
CCTV cameras, which can be categorized as preventive, corrective, or detective functions of
controls. And lastly for control activities would be the segregation of duties; as an external
auditor, we should be aware that various persons are in charge of asset handling, bookkeeping,
and the comparison or authorization of transactions.
Monitoring is the practice of evaluating the quality of internal performance over time. On-going
monitoring activities, separate evaluations, or a mix of the two are used to achieve this. On-
going monitoring includes regular operations such as bank reconciliation, whereas separate
evaluation is when internal audit functions are performed.
Discuss the relationship of the internal auditors and the external auditors. * 5 points
A healthy working relationship between the internal and external auditors, where information
is shared freely, is the best environment to create and provide the most value to the company
Internal auditor and external auditor have complementary functions within the assurance
framework and both are essential for the effective governance of an organization. However,
internal audit is distinct from external audit and both functions have their own value and
expertise. They perform very different roles but both need to be independent, objective,
properly resourced and to work according to their respective international standards.
Despite the need to preserve their independence and objectivity, internal and external audit
should maintain a close, constructive relationship. This is to ensure their work is coordinated
and there is an efficient use of resources.
Within the assurance framework, the roles of internal and external auditors are
complimentary, and both are necessary for a firm's good corporate governance. Internal
audit, on the other hand, is unique from external audit, and each role has its own value and
competence. They have quite distinct responsibilities to play, but they both need to be
independent, objective, well-resourced, and operate according to their respective
standards. However, the internal and external auditors should retain a healthy,
constructive relationship, despite the requirement to protect their independence and
objectivity. Internal and external auditors should make use of effective communication and
planning to become more involved at work, raise team morale, advance their careers, and
add more value to the organization or firm. This will guarantee that their work is well-
coordinated and that resources are used efficiently and effectively.
This will guarantee that their work is well-coordinated and that resources are used efficiently and
effectively.
Effective communication and planning of external and internal auditors ensure that audit
resources are allocated to the organization's most high-risk areas.
Internal and external auditors should both make use of the healthy interaction to become more
involved at work, raise team morale, advance their careers, and add more value to the
organization or firm. This will guarantee that their work is well-coordinated and that resources
are used efficiently and effectively.
Both internal and external auditors should take advantage of the harmonious relationship to make
them more engaged with work, elevate the team morale, improve career potential, and attain the
best interests of the organization they serve.