COSO Framework

It is gears to the achievement of strategies

It is a process consisting of ongoing tasks and activities

It is effected by policies and procedures

It is able to provide absolute assurance

Components, objectives, entity structure

Components, objective, reporting lines

Principles, objectives, sub-objectives

Principles, objectives, entity structure

Risk Assessment

Information and communication

Monitoring activities

Control environment

Management of the entity retains responsibility for those controls

Service provider possesses responsibility for those controls

Management and the service provider share responsibility for those controls

Management need not consider those controls in the context of the entity's overall system of internal control

Inability of management to override internal control

Inability of parties to circumvent controls through collusion

Reality that human judgment in decision making can be subject to a bias

Existence of internal events within the organization's control

Monitoring activities

Control activities

Risk assessment

Information and communication

Board of Directors (BOD)

Internal audit department

External auditor

Senior management

A wide span of control by senior management

Direct interaction with personnel

Need for formal mechanisms to communicate info relevant to operating performance

Cost of establishing an internal audit function relative to the entity's economic resources