[1] The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.
1 Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control – Integrated Framework (Executive Summary, May 2013) , pg. 4.
Principles
1. Demonstrate a commitment to integrity and ethical values
2. Implement oversight responsibility
3. Establish structure, reporting lines, authority, and responsibility
4. Demonstrate commitment to development and competence
5. Enforcing accountability