Today we will continue with the COSO framework and we will be looking at Control Activities which is the third of the five (5) integrated components of COSO. Under this component, we will be looking at three (3) principles of the seventeen (17) COSO principles that relates to control activities.
Control Activities: Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorizations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
For the Control Activities component,
1. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
2. The organization selects and develops general control activities over technology to support the achievement of objectives.
3. The organization deploys control activities through policies that establish what is expected and in procedures that put policies into action.
The Framework recommends certain approaches to the application of these principles. It should however be noted that these approaches are not exhaustive, therefore the entity can also take steps to achieve these principles where there are no relevant approaches recommended by the Framework.