COSO

Question 1

The organization 
selects and develops
control activities that 
contribute to the
mitigation of risks to
the achievement of
objectives to
acceptable levels.

Answer 1

Control Activities

Question 2

The organization 
selects and develops 
general control
activities over
technology
to support the
achievement of
objectives.

Answer 2

Control Activities

Question 3

The organization
deploys control
activities through 
policies that establish 
what is expected
and procedures
that put policies
into action

Answer 3

Control Activities

Question 4

The organization 
demonstrates a
commitment to
integrity and ethical 
values.

Answer 4

Control Environment

Question 5

The board of directors 
demonstrates
independence from 
management and
exercises oversight of 
the development and
performance of internal 
control.

Answer 5

Control Environment

Question 6

Management
establishes, with board
oversight, structures, 
reporting lines, and
appropriate authorities 
and responsibilities
in the pursuit of
objectives.

Answer 6

Control Environment

Question 7

The organization 
demonstrates a
commitment to attract, 
develop, and retain
competent individuals 
in alignment with
objectives.

Answer 7

Control Environment

Question 8

The organization holds 
individuals
accountable for their 
internal control
responsibilities in the 
pursuit of objectives.

Answer 8

Control Environment

Question 9

The organization
specifies objectives 
with sufficient clarity
to enable the
identification and 
assessment of risks 
relating to objectives

Answer 9

Risk Assessment

Question 10

The organization
identifies risks to the
achievement of its 
objectives across the
entity and analyzes 
risks as a basis for
determining how
the risks should be 
managed.

Answer 10

Risk Assessment

Question 11

The organization
considers the potential 
for fraud in assessing 
risks to the
achievement of
objectives

Answer 11

Risk Assessment

Question 12

The organization
identifies and assesses
changes that could 
significantly affect
the system of
internal control.

Answer 12

Risk Assessment

Question 13

The organization 
obtains or generates 
and uses relevant, 
quality information
to support the
functioning of internal 
control.

Answer 13

Information &

Communication

Question 14

The organization 
internally communicates
information, including 
objectives and
responsibilities for 
internal control,
necessary to support 
the functioning of
internal control.

Answer 14

Information &

Communication

Question 15

The organization 
communicates with
external parties
regarding matters 
affecting the
functioning of
internal control.

Answer 15

Information &

Communication

Question 16

The organization 
selects, develops, 
and performs
ongoing and/or 
separate evaluations 
to ascertain whether 
the components
of internal control
are present
and functioning.

Answer 16

Monitoring

Activities

Question 17

The organization 
evaluates and
communicates 
internal control 
deficiencies
in a timely manner
to those parties
responsible for 
taking corrective 
action, including 
senior management 
and the board
of directors, as
appropriate

Answer 17

Monitoring

Activities