The impact of COSO control components on internal control effectiveness: An internal audit perspective

Abstract

Boards of directors have the ultimate responsibility for governance – including internal control – in their organisations. Management is tasked with the design, implementation and maintenance of internal control systems. Internal auditors play a key role in independently evaluating these controls, acting as agents on behalf of the board of directors in order to mitigate the possibility of management not acting in the best interest of the organization, leaving gaps in the internal control system, and, in some instances, doing so in order to enable unlawful personal gain. The Committee of Sponsoring Organisations’ Integrated Framework for Internal Control (hereafter referred to as the COSO framework) is used as a recognised framework, which, if implemented, could result in an effective internal control system and served as the basis for the design of the research instrument of the research. The questionnaire was distributed to internal audit practitioners. Responses were obtained from 31 participants from the Eastern Cape and Western Cape regions in South Africa. The majority of the participants provide internal audit services to the local government sphere of the South African government. This article identifies which characteristics should exist in an organization’s control system that, in the opinion of internal auditors, improve the effectiveness of the internal control system. This study concludes that internal auditors are of the opinion that control characteristics as outlined in the COSO framework for ‘risk assessment’, ‘information and communication’, ‘control activities’ and ‘monitoring’ components of internal control, do contribute to an effective internal control system.