This sample report assists in documenting a management’s assessment of the Committee of Sponsoring Organizations (COSO) internal control components – control environment, risk assessment, control activities, information and communication and monitoring – at the entity-level. It reports the results of the survey and work performed to assess the effectiveness of each COSO component.
The procedures used to evaluate the effectiveness of internal controls at the entity-level are as follows:
- Conduct an entity-level survey of top management to assess their views on the entity-level controls
- Review documentation of entity-level controls as they exist (for instance, review the current code of conduct, audit committee charter and similar documentation for each COSO component)
- Review entity-level information technology controls
- Assess control effectiveness at the entity-level and make recommendations for improvement as appropriate
- Consider the impact on process-level controls