COSO – Control Environment
Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct.
The COSO Framework covers three (3) categories of objectives which include the Operating, Reporting and Compliance Objectives of an entity. This implies that the Framework was developed to address the effectiveness and efficiency of the entity’s operations, the financial and non-financial reporting’s reliability, timeliness, transparency or other terms as set forth by regulators, recognized standard setters or the entity’s policies, and the entity’s adherence to the laws and regulations it is subject to. I stated in the first part of this publication last week that the Framework consists of five (5) integrated components. These components assist the organization in achieving the aforementioned objectives. These five (5) components have a total of seventeen (17) principles that represent the fundamental concepts of the components to which they are associated. The principles are represent the hit point of what each component addresses.
In this part, we will look at the “Control environment” and the corresponding principles that address it.
Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.
Of all 17 principles, the Control Environment component has five (5) principles relating to it:
- The organization demonstrates a commitment to integrity and ethical values.
- The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
- Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
- The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
- The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
These principles in turn have approaches which serve as guides in accomplishing them. The approaches, although defined, are not meant to restrict entities application as they can introduce approaches of their own especially when not specifically addressed by the Framework.