COSO Internal Control Components: Monitoring Activities
ONGOING EVALUATIONS OR A COMBINATION of separate evaluations should be used to ascertain whether each of the components of internal controls discussed in the preceding chapters is present and functioning. Enterprise management should monitor these control activities and also consider the information and communication procedures needed to make those internal controls operate effectively. Well-planned and well-designed internal control systems and processes may work as planned, but people may forget or bypass these established system internal controls, and if so, they need to be monitored with corrective actions applied to adjusting these exceptions as needed. Monitoring is a key objective in the revised COSO internal control and framework. In the original version of the COSO internal controls, as shown in Exhibit 3.1, it appeared at the top level or peak of the COSO pyramid. The revised framework, as shown in Exhibit 3.2, now places monitoring solidly at the base, beneath the other components.
Despite its position in the COSO internal control diagram, monitoring is a key element in the COSO internal control framework, and senior management needs to recognize that unmonitored controls tend to deteriorate over time. Monitoring, as defined in the COSO framework, is implemented to help ensure that internal control processes continue to operate effectively. When monitoring is designed and implemented appropriately, an ...