Page 108 - Rižnar, Igor, and Klemen Kavčič (ed.). 2017. Connecting Higher Education Institutions with Small and Medium-Sized Enterprises. Koper: University of Primorska Press
P. 108
Tatjana Horvat and Franko Milost
c o s o i i identifies the eight key components of internal control,
namely the control environment, setting business objectives in accor-
dance with the strategy and acceptable risk, the identification of events,
risk assessment, responding to risks, control activities, information
and communication, monitoring. In the revised field, the internal au-
ditor trials and evaluates these eight basic components of co s o ii.
The theoretical aspect of the limited ingredients that are usually
needed for a practical demonstration of the implementation of an in-
ternal audit will be presented below.
Assessment of Control and the Internal Environment
The control environment is the main platform on which the rest of the
control framework is placed (Spencer Pickett 2005, 194). ‘The internal
environment encompasses the tone of an organisation, and sets the ba-
sis for how risk is viewed and addressed by an entity’s people, includ-
ing risk management philosophy and risk appetite, integrity and eth-
ical values, and the environment in which they operate,’ (Committee
of Sponsoring Organizations of the Treadway Commission 2004, 3). It
primarily contains informal (soft) controls such as management style,
business ethics, moral values and others; some of these controls are for-
mal, such as organisational policy, the training of employees and others
(Koletnik 2007, 181). The control environment includes integrity, ethi-
cal values, philosophy and management style, method of defining pow-
ers and responsibilities, organising and developing the skills of employ-
ees (Cukon-Mavec 2006, 5–6). Assessment of the control environment
is the starting point for evaluating other components of the system of
internal controls.
Assessment of the Determination of Business Objectives
Risk management ensures that the management has implemented the
process of setting objectives and that objectives are chosen that support
the company’s mission and are consistent with the degree of acceptance
of risk (Vezjak 2011, 9).
Identifying Internal and External Events
The company’s ability to achieve the objectives affects internal and ex-
ternal events, which must be identified by the management through
the risk management process.
106
c o s o i i identifies the eight key components of internal control,
namely the control environment, setting business objectives in accor-
dance with the strategy and acceptable risk, the identification of events,
risk assessment, responding to risks, control activities, information
and communication, monitoring. In the revised field, the internal au-
ditor trials and evaluates these eight basic components of co s o ii.
The theoretical aspect of the limited ingredients that are usually
needed for a practical demonstration of the implementation of an in-
ternal audit will be presented below.
Assessment of Control and the Internal Environment
The control environment is the main platform on which the rest of the
control framework is placed (Spencer Pickett 2005, 194). ‘The internal
environment encompasses the tone of an organisation, and sets the ba-
sis for how risk is viewed and addressed by an entity’s people, includ-
ing risk management philosophy and risk appetite, integrity and eth-
ical values, and the environment in which they operate,’ (Committee
of Sponsoring Organizations of the Treadway Commission 2004, 3). It
primarily contains informal (soft) controls such as management style,
business ethics, moral values and others; some of these controls are for-
mal, such as organisational policy, the training of employees and others
(Koletnik 2007, 181). The control environment includes integrity, ethi-
cal values, philosophy and management style, method of defining pow-
ers and responsibilities, organising and developing the skills of employ-
ees (Cukon-Mavec 2006, 5–6). Assessment of the control environment
is the starting point for evaluating other components of the system of
internal controls.
Assessment of the Determination of Business Objectives
Risk management ensures that the management has implemented the
process of setting objectives and that objectives are chosen that support
the company’s mission and are consistent with the degree of acceptance
of risk (Vezjak 2011, 9).
Identifying Internal and External Events
The company’s ability to achieve the objectives affects internal and ex-
ternal events, which must be identified by the management through
the risk management process.
106