The Office of Internal Audit uses the COSO methodology when conducting audits. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was originally formed in 1985 to study contributing factors leading to fraudulent financial reporting. This commission developed recommendations for public companies, internal audit departments, and educational institutions.
The COSO methodology used when conducting audits relies on a “big-picture” theory in concert with reporting individual exceptions. If exceptions to a process are noted during an audit, using the COSO methodology, these exceptions are studied to determine a root cause of the exception within a larger process. Although stand-alone exceptions are reported to management, using the COSO methodology, all exceptions are studied at a higher level to determine if weaknesses or risk areas with inadequate mitigating controls are present. These risks can lead to other deficiencies possibly producing a severe negative impact.
There are five components of the COSO auditing framework:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
Control Environment is the most important component in the COSO-based audit framework. Control environment is defined by the “tone at the top,” how management at Monmouth University incorporates risk-awareness and control activities into the daily work routines in their areas.
During the course of an audit, the control environment is assessed through discussions with administrative management and employees. Adequate training, written policies and procedures, and the area’s general control structure are components of the control environment evaluation.
By maintaining a positive attitude toward internal controls and compliance with University, state, and federal requirements, management sets the tone for the entire area. Control environment also encompasses the culture, ethical values, teamwork, morale, and development of administrative employees.