top of page
  • CCS

Internal Control Components: The Control Environment

The control environment is the foundation for effective internal control, providing discipline and structure for the entity.

It sets the tone of an organisation, influencing its people's control consciousness or awareness.

The control environment addresses the governance and management functions. It also addresses the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and importance.

Note: Control-environment controls are generally pervasive in nature.

They will not directly prevent or detect and correct a material misstatement. Instead, they form an important foundation upon which all other controls will be built.







Exhibit 5.3-1 outlines the various elements of the control environment that need to be considered. Note that the importance and order (priority) of these elements will inevitably vary from entity to entity.


Control environment controls will influence the auditor’s evaluation of the effectiveness of other control activities that may address specific areas such as sales and purchase transactions.

For example, suppose management has a negative attitude toward control in general. In that case, this will undermine the effectiveness of other controls (such as sales, etc.) no matter how well they were designed.

The auditor’s evaluation of the design of the entity’s control environment would include the elements set out below.




Key Elements to Address | 需要解决的关键因素

Communication and Enforcement of Integrity and Other Ethical Values

Integrity and ethical values are essential (foundational) elements which influence the effectiveness of the design, administration, and monitoring of other controls.



Commitment to Competence

Management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.



Participation by Those Charged with Governance

Attributes of those charged with governance, such as

  • Their independence from management;

  • Their experience and stature;

  • The extent of their involvement and the information they receive, the scrutiny of activities; and

  • The appropriateness of their actions, including the degree to which difficult questions are raised and pursued with management, and their interaction with internal and external auditors.



  • 他们独立于管理层;

  • 他们的经验和地位;

  • 他们的参与程度和他们收到的信息,对活动的审查;以及

  • 他们行动的适当性,包括向管理层提出和追究困难问题的程度,以及他们与内部和外部审计人员的互动。

Management’s Philosophy and Operating Style

Management’s approach to taking and managing business risks and management’s attitudes and actions toward financial reporting, information processing, accounting functions, and personnel.



Organisational Structure

The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled, and reviewed.



Assignment of Authority and Responsibility

How authority and responsibility for operating activities are assigned, and how reporting relationships and authorisation hierarchies are established.



Human Resources Policies and Practices

Recruitment, orientation, training, evaluating, counselling, promoting, compensating, and remedial actions.



The controls outlined above are pervasive to the entire entity and are often more subjective to evaluate than the traditional control activities (such as segregation of duties).

Therefore, the auditor will exercise professional judgment in this evaluation. Control-environment strengths can compensate for or even replace weak transactional controls in some situations.

However, control-environment weaknesses can undermine and even negate good design in other components of internal control.

For example, if a culture of honesty and ethical behaviour did not exist, the auditor would have to consider carefully what types of (additional) audit procedures would be effective in finding material misstatements in the financial statements.

In some cases, the auditor may conclude that internal control has broken down to such an extent that the only option is to withdraw.