COSO Framework
Risk Assessment (4) - ✔️✔️6. the organization specifies objectives with sufficient
clarity to enable the identification and assessment of risks relating to objectives
7. identifies risks to the achievement of its objectives across the entity and analyzes
risks as a basis for determining how the risks should be managed
8. considers the potential for fraud in assessing risks to the achievement of objectives
9. the organization identifies and assess changes that could significantly impact the
system of internal control
Control Activities - ✔️✔️the actions established by policies and procedures to help
ensure that management directives to mitigate risks to the achievement of objectives
are carried out; they are performed at all levels of the entity and at various stages within
business processes, and over the technology environment
Monitoring of Controls - ✔️✔️Ongoing evaluations, separate evaluations or some
combination are used to ascertain whether each of the five components of internal
control, including controls to effect the principles within each component, are present
and functioning; findings are evaluated and deficiencies are communicated in a timely
manner with serious matters reported to senior management and the board
Control Environment (5) - ✔️✔️1.the organization demonstrates a commitment to
integrity and ethical values
2. the BOD demonstrates independence from management and exercises oversight of
the development and performance of internal control
3. management establishes structures, reporting lines, and appropriate authorities and
responsibilities in the pursuit of objectives
4. demonstrates a commitment to attract, develop, and retain competent individuals in
alignment with objectives
5. organization holds individuals accountable for their internal control responsibilities in
the pursuit of objectives
Control Environment - ✔️✔️the set of standards, processes, and structures that
provide the basis for carrying out internal control across the organization; the Board of
Directors and senior management establish the tone at the top regarding the
importance of internal control and expected standards of conduct
Entity's Risk Assessment Process - ✔️✔️involves a dynamic and iterative process for
identifying and analyzing risks to achieving the entity's objectives, thereby forming a
basis for determining how risks should be managed
Risk Assessment (4) - ✔️✔️6. the organization specifies objectives with sufficient
clarity to enable the identification and assessment of risks relating to objectives
7. identifies risks to the achievement of its objectives across the entity and analyzes
risks as a basis for determining how the risks should be managed
8. considers the potential for fraud in assessing risks to the achievement of objectives
9. the organization identifies and assess changes that could significantly impact the
system of internal control
Control Activities - ✔️✔️the actions established by policies and procedures to help
ensure that management directives to mitigate risks to the achievement of objectives
are carried out; they are performed at all levels of the entity and at various stages within
business processes, and over the technology environment
Monitoring of Controls - ✔️✔️Ongoing evaluations, separate evaluations or some
combination are used to ascertain whether each of the five components of internal
control, including controls to effect the principles within each component, are present
and functioning; findings are evaluated and deficiencies are communicated in a timely
manner with serious matters reported to senior management and the board
Control Environment (5) - ✔️✔️1.the organization demonstrates a commitment to
integrity and ethical values
2. the BOD demonstrates independence from management and exercises oversight of
the development and performance of internal control
3. management establishes structures, reporting lines, and appropriate authorities and
responsibilities in the pursuit of objectives
4. demonstrates a commitment to attract, develop, and retain competent individuals in
alignment with objectives
5. organization holds individuals accountable for their internal control responsibilities in
the pursuit of objectives
Control Environment - ✔️✔️the set of standards, processes, and structures that
provide the basis for carrying out internal control across the organization; the Board of
Directors and senior management establish the tone at the top regarding the
importance of internal control and expected standards of conduct
Entity's Risk Assessment Process - ✔️✔️involves a dynamic and iterative process for
identifying and analyzing risks to achieving the entity's objectives, thereby forming a
basis for determining how risks should be managed
