Auditing the Control Environment
The IIA has just released guidance on this critical area (by way of full disclosure, I was on the development team). By the way, the term “Control Environment” refers to the COSO Internal Control Framework layer, not the entire system of internal control.
Members can obtain a copy at http://www.theiia.org/download.cfm?file=63005.
I am interested in hearing your views:
- Do you agree with the description of the importance of the Control Environment?
- Is the guidance useful with respect to determining what to include in the audit plan?
- Is the guidance on how to audit the Control Environment useful?
- On a scale of 0 (useless) to 5 (brilliant), how would you rate it?