Fundamentals of Risk Management


Date: 02.06.2024

[Figure panels: Monitoring and Learning (A sense of evolution. What progress? What next?); Commitment (A sense of identity and values. Do we want to do a good job?); Action.]
Source: Reproduced with permission from Guidance on Control, Canadian Institute of Chartered Accountants (1995, Toronto).


The control environment
Features of the control environment
There are significant differences between COSO and CoCo, as well as several key similarities. CoCo has a broader approach to the control environment than is set out in COSO. To give two examples of the broader approach in CoCo, it recognizes that controls are required in the setting of objectives, strategic planning and corrective actions; it also recognizes that the control environment of an organization is important when making decisions.

When undertaking an evaluation of the control environment using the structure of CoCo, a company may discover that good scores were obtained for the purpose, commitment and capability of the organization. However, the score for the monitoring and learning component may not be good enough. This information

Table 33.2 Components of the CoCo framework

Purpose:
  Objectives should be established and communicated.
  Significant internal and external risks should be identified and assessed.
  Policies should be established, communicated and practised.
  Plans should be established and communicated.
  Plans should include measurable performance targets and indicators.

Commitment:
  Shared ethical values should be established, communicated and practised.
  HR policies should be consistent with ethical values.
  Authority, responsibility and accountability should be clearly defined.
  Mutual trust should be fostered to support the flow of information.

Capability:
  People should have the necessary knowledge, skills and tools.
  Communication processes should support the values of the organization.
  Sufficient and relevant information should be identified and communicated.
  Decisions and actions within the organization should be co-ordinated.
  Control activities should be designed as an integral part of the organization.
