The first of the five objectives is control environment and it sets the tone for the implementation and operation of all other components of internal control. It begins with the ethical commitment of senior management, oversight by those in governance, and a commitment to competent employees. The five principles of the control environment object are as follows:
Principle 1: Commitment to integrity and ethical values.
Principle 2: Board independence and oversight.
Principle 3: Structures, reporting lines, authority and responsibility.
Principle 4: Attracting, developing and retaining competent individuals.
Principle 5: individuals held accountable.
Discussion. Both Board of Directors’ independence and Compliance Committee (or other applicable committee) oversight are essential to this objective because the committee needs to be actively engaged to be comfortable that the company has implemented the internal controls under SOX 404(a); as required under Principles 1 and 2.
Under Principle 3, structures in reporting lines, authority and responsibility are essential to the recognition of revenue. Under Principle 4, a business must attract and develop, then retaining competent talent. This ties into Principle 5, which mandates individuals being held responsible. This requires someone to document that they have made a judgment based upon the evidence that they have been able to accumulate, that the company has analyzed that evidence and has gone through the process of comparing this to the COSO 2013 Internal Controls Framework and to the spirit of the standard.
Three key takeaways:
- What controls do you have in place to measure conduct at the top?
- Reporting lines must be clear and functioning.
- You must provide the right personnel with the right resources.