Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ Paper 5 — Auditing & Ethics/ Core Audit Concepts
Microlesson · 5-min read

Components of Internal Control — Control Environment

## Components of Internal Control — Overview

IC consists of five interrelated components:

#Component
1Control Environment ← this lesson
2Entity's Risk Assessment Process
3Information System & Communication
4Control Activities
5Monitoring of Controls

---

## Component 1: Control Environment

The control environment is the foundation for all other components. It reflects the tone at the top.

### Auditor's Evaluation

The auditor evaluates whether:

1. Management has created and maintained a culture of honesty and ethical behaviour

2. The strengths in control environment elements collectively provide an appropriate foundation for the other components

### Seven Elements of the Control Environment

ElementWhat It Covers
Communication & enforcement of integrity and ethical valuesCode of conduct; tone at the top
Commitment to competenceHiring, training, and retaining capable staff
Participation by TCWGBoard/audit committee oversight and engagement
Management's philosophy and operating styleRisk appetite; attitude toward financial reporting
Organizational structureClear lines of authority and responsibility
Assignment of authority and responsibilityDelegation and accountability policies
Human resource policies and practicesRecruitment, appraisal, promotion, compensation

> Mnemonic: C-C-P-M-O-A-HCan Competent People Manage Our Audit Honestly?

Worked example

### Example 1

Weak control environment signal: During audit of Sunrise Ltd., the auditor finds the CEO has repeatedly approved expenses violating the travel policy without any consequence. This indicates weak enforcement of integrity and ethical values — one of the 7 elements. The auditor raises the overall assessed ROMM for the engagement, since a weak tone at the top pervades all IC components.

### Example 2

Strong control environment: An auditor notes that ABC Co. has: (a) a code of conduct signed annually by all employees, (b) an active audit committee that meets privately with external auditors quarterly, (c) a zero-tolerance fraud policy with documented enforcement cases. These indicators across multiple elements (ethics, TCWG participation, HR practices) suggest a strong control environment — potentially allowing the auditor to plan less extensive substantive procedures.

⚠️ Common exam mistakes

  • Treating control environment as just 'tone at the top' — there are 7 specific elements; HR policies, organizational structure, and TCWG participation are commonly missed in exam answers
  • Confusing the control environment (the foundation/culture component) with control activities (the policies and procedures component) — these are two separate components
  • Stating that a strong control environment eliminates the need for testing other components — the control environment only provides the foundation; the auditor must still understand and evaluate all five components
Reference:
← Previous
Components of Internal Control
Next →
Components of Internal Control
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic