Menu
- 10 Marks
Question
An effective internal control system is a prerequisite for addressing risks and providing reasonable assurance that the assets of an organization are safeguarded. It also contributes to the achievement of an organization’s control objectives. In line with this, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission recommended five integrated internal control components to appraise internal control systems.
Required:
Explain the FIVE (5) components of the Integrated Framework of Internal Control System recommended by COSO. (10 marks)
Answer
Component 1: Control Environment
The control environment describes a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. Key areas of interest to PEFA are:
- The personal and professional integrity and ethical values of management and staff, including a supportive attitude toward internal control consistently throughout the organization.
- Commitment to competence.
- The “tone at the top” (i.e., management’s philosophy and operating style).
- Organizational structure.
- Human resource policies and practice.
Component 2: Risk Assessment
The risk assessment forms the basis for determining how risks will be managed. A risk is defined as the possibility that an event will occur and adversely affect the achievement of organizational objectives. Key areas include:
- Risk identification.
- Risk assessment (significance and likelihood).
- Risk evaluation.
- Risk appetite assessment.
- Responses to risk (transfer, tolerance, treatment, or termination).
Component 3: Control Activities
Control activities are actions (generally described in policies, procedures, and standards) that help management mitigate risks to ensure the achievement of objectives. Control activities may be preventive or detective in nature and may be performed at all levels of the organization. Key areas include:
- Authorization and approval procedures.
- Segregation of duties (authorizing, processing, recording, reviewing).
- Controls over access to resources and records.
- Verifications.
- Reconciliations.
- Reviews of operating performance.
- Reviews of operations, processes, and activities.
- Supervision (assigning, reviewing, and approving, guidance, and training).
Component 4: Information and Communication System
Information is obtained or generated by management from both internal and external sources to support internal control components. Communication based on internal and external sources is used to disseminate important information throughout and outside of the organization, as needed to respond to and support meeting requirements and expectations. The internal communication of information throughout an organization also allows senior management to demonstrate to employees that control activities should be taken seriously.
Component 5: Monitoring
Monitoring activities are periodic or ongoing evaluations to verify that each of the five components of internal control, including the controls that affect the principles within each component, are present and functioning. Key areas include:
- Ongoing monitoring.
- Evaluations.
- Management responses.
- Tags: COSO, Internal Control, Public Sector, Risk Management
- Level: Level 2
- Uploader: Theophilus