THE CONTROL ENVIRONMENT sets the overall tone of the entity. It influences the control consciousness of the people within the organization and is the foundation for all other components of internal control. Various writings have stated the critical importance of this component in the overall Framework. Indeed, it holds a trump card role in the overall assessment, as it is difficult to imagine an effective system of internal control with a defective control environment. Management override of controls, a common element in many frauds, shows how controls over transactions and policies and procedures can be defeated by the willful action of executives and senior management. Additional tools have been encouraged to mitigate allowing such actions to go unnoticed or unchallenged; these include the antifraud controls of hotline reporting and the implementation of whistleblowing laws meant to protect employees who report issues.

While a superior control environment may go a long way toward an assessment of effective controls, it cannot carry the weight of the whole assessment, as all the various components need to be working in an integrated fashion to be able to conclude the controls over financial reporting are effective. In addition, the principles in this component ask for subjective judgments, reducing the precision with which these assessments are made.

Following is a discussion of the principles highlighted in the revised Framework that contribute ...