Ask Joey ™ a Question

What are control activities?

Control activities are one of the key components of the COSO internal control framework. Control activities are actions (generally described in policies, procedures, and standards) that help management mitigate risks in order to ensure the achievement of objectives. Control activities may be preventive or detective in nature and may be performed at all levels of the organization. The policies and procedures implemented to ensure actions are taken towards completing the company’s objectives. 

Select and Develop Control Activities – The organization selects and develops various control activities that help mitigate the risk of internal controls not operating adequately

Select and Develop Technology Controls – The organization selects adequate controls in order to function properly

Disposition of Policies and Procedures – The organization deploys policies that help establish expectations.

The visual below shows specific control activities that should exist in an organization:


You might also be interested in...

  • What are the key components of the COSO internal control framework?

    Just remember it would be a CRIME to forget the 5 components. The 5 components of the COSO internal control framework include control environment, risk assessment, information & communication, monitoring, and existing control activities.

  • What is the monitoring component of the COSO internal control framework?

    Monitoring is one of the key components of the COSO internal control framework. Monitoring activities are periodic or ongoing evaluations to verify that each of the five components of internal control, including the controls that affect the principles within each component, are present and functioning. Monitoring is managements monitoring of the company’s data and its […]

  • What is the risk assessment component of COSO?

    Risk assessment is one of the key components of the COSO internal control framework. It addresses how the organization assesses risk and identifies threats the organization. There are four key principles in risk assessment: Identify and Assess Changes – The assessment of changes in the external environment as well as in leadership roles. Changes in […]