Auditing the Control Environment

The IIA has just released guidance on this critical area (by way of full disclosure, I was on the development team). By the way, the term “Control Environment” refers to the COSO Internal Control Framework layer, not the entire system of internal control.

Members can obtain a copy at

I am interested in hearing your views:

  1. Do you agree with the description of the importance of the Control Environment?
  2. Is the guidance useful with respect to determining what to include in the audit plan?
  3. Is the guidance on how to audit the Control Environment useful?
  4. On a scale of 0 (useless) to 5 (brilliant), how would you rate it?

Posted on May 9, 2011 by Norman Marks

Share This Article:    

  1. 1. Agree. 2 -3 actually I think company control environment is more politics related so you can tell what's going on there but you can't do anything about it: What are you going to do? fire the CEO?'s useful as a guide to review the control environment but absolutely useless if you try to audit because you can't.

Leave a Reply