4.

2 CONTROL ENVIRONMENT PRINCIPLE 1: INTEGRITY AND ETHICAL VALUES

The first principle of the COSO control environment calls for an enterprise to demonstrate a
commitment to integrity and ethical values . Enterprise history and culture often play a major role in
forming this internal control environment .

4.3 CONTROL ENVIRONMENT PRINCIPLE 2: ROLE OF THE BOARD OF DIRECTORS

The control environment is very much infl uenced by the actions of an enterprise’s board of directors
and its audit committee, with the principle “Ensure that the board exercises oversight responsibility.”
The following board of directors’ activities may assist management in determining whether this COSO
control environment principle is present and functioning.

 Establish oversight responsibilities.

 Apply relevant expertise.
 Operate independently.
 Provide oversight for the system of internal controls.

4.4 CONTROL ENVIRONMENT PRINCIPLE 3: AUTHORITY AND RESPONSIBILITY NEEDS

Management should establish, with appropriate board oversight, structures, reporting lines, and
appropriate authorities and responsibilities in the pursuit of its internal control objectives. There should
be an organizational structure in place to plan, execute, control, and periodically assess the activities of
the overall enterprise. This control environment goal is to provide for clear accountability and
information fl ows within and across the overall enterprise and all of its subunits.

4.5 CONTROL ENVIRONMENT PRINCIPLE 4: COMMITMENT TO A COMPETENT WORKFORCE

The enterprise should demonstrate a commitment to attract, develop, and retain competent individuals
in alignment with its objectives. This COSO control environment principle calls for policies and measures
that qualify stakeholders to carry out their assigned responsibilities, and it requires relevant skills and
expertise.

4.6 CONTROL ENVIRONMENT PRINCIPLE 5: HOLDING PEOPLE ACCOUNTABLE

Management and the board of directors should establish the mechanisms to communicate and hold
individuals accountable for the performance of internal control responsibilities across the organization
and implement corrective action as necessary.

4.7 RISK ASSESSMENT PRINCIPLE 6: SPECIFYING APPROPRIATE OBJECTIVES

Risk assessment, a key element in the COSO internal control framework , is defi ned here as the
possibility that an event may occur that will adversely affect the achievement of some enterprise
objective.

4.8 RISK ASSESSMENT PRINCIPLE 7: IDENTIFYING AND ANALYZING RISKS

Enterprise management with the support of internal audit should endeavor to identify all possible
internal control risks that may impact an enterprise, ranging from the larger or more signifi cant risks
down to the less major risks associated with individual projects or smaller business units.
4.9 RISK ASSESSMENT PRINCIPLE 8: EVALUATING FRAUD RISKS

A fraud risk assessment is a process that an enterprise should utilize to determine its exposure to
internal and external fraud. The assessment should review operations and controls, including policies
and procedures, to determine where gaps exist that could allow a person or group of persons to carry
out a fraud against the enterprise.

4.10 RISK ASSESSMENT PRINCIPLE 9: IDENTIFYING CHANGES AFFECTING INTERNAL CONTROLS

Risk assessment principles are of little value if an enterprise goes through an extensive analysis to
identify risks but then does essentially nothing to take action to mitigate the identifi ed risks. This really
calls for a risk response plan with the fi nal principle for COSO internal controls risk assessment.

4.11 CONTROL ACTIVITIES PRINCIPLE 10: SELECTING CONTROL ACTIVITIES THAT MITIGATE RISKS

This important COSO control activity principle states that, as part of its overall internal controls
environment, an enterprise should select and develop control activities that contribute to the mitigation
of internal control risks to the achievement of their objectives to acceptable levels.

Question

Which one is not the following board of directors’ activities may assist management in determining
whether this COSO control environment principle is present and functioning?

a) Establish oversight responsibilities.

b) Apply relevant expertise.
c) Operate dependently.
d) Provide oversight for the system of internal controls.

Indrawan Wijaya

041711333229