## Components of Internal Control
There are 5 components:
| # | Component | Short Role |
|---|---|---|
| 1 | Control Environment | Sets the tone and foundation |
| 2 | Entity's Risk Assessment Process | How entity identifies and manages risk |
| 3 | Information System (Accounting) | How transactions are captured and reported |
| 4 | Control Activities | Policies & procedures that ensure directives are carried out |
| 5 | Monitoring of Controls | Ongoing assessment of control quality |
Memory Aid: CE-RAP-IS-CA-MC or simply think of controls as a complete cycle: Environment → Risk → Information → Activities → Monitoring.
---
## Component 1: Control Environment
### What It Is
The Control Environment sets the tone of the organization and influences the control consciousness of its people. It is the foundation for all other internal control components.
### Auditor's Duty
The auditor must:
- Understand the control environment
- Evaluate whether management has created and maintained a culture of honesty and ethical behaviour
### 7 Elements of Control Environment
1. Communication & Enforcement of Integrity and Ethical Values
- Entity must have proper policies to enforce integrity and communicate values
- Critical principle: Effectiveness of controls cannot rise above the integrity and ethical values of those who created and monitor them
2. Commitment to Competence
- Management considers the competence level required for specific jobs
- How competence is translated into required skills and knowledge
3. Participation by TCWG
Key attributes to assess:
- Independence from management
- Experience of TCWG members
- Extent of their involvement
- Scrutiny of key activities
4. Management's Philosophy and Operating Style
- Management's attitude and actions toward financial reporting
- Approach to selecting accounting policies and accounting estimates
5. Organisational Structure
- Considering key areas of authority and responsibility
- Establishing appropriate lines of reporting
- Depends on size and nature of activities of the entity
6. Human Resources Policies and Procedures
Relating to: Recruitment → Orientation → Training → Evaluation → Promotion → Compensation
7. Assignment of Authority and Responsibility
- How authority and responsibility for operational activities are assigned
- How reporting relationships and authorization hierarchies are established
Memory Aid for 7 elements: CCMPOH-A
C-Communication, C-Competence, M-Management style, P-Participation by TCWG, O-Org structure, H-HR policies, A-Authority assignment
---
### Critical Exam Notes on Control Environment
| Statement | True/False |
|---|---|
| Satisfactory control environment is a positive factor when assessing ROMM | True |
| Control environment provides 100% protection against fraud | False — not absolute |
| Deficiency in control environment undermines effectiveness of other controls | True |
| Control environment by itself can prevent or detect material misstatement | False — it only influences auditor's evaluation |
| A good control environment may influence assessment of other controls and ROMM | True |