Control Activities – Internal controlのComponent

Internal control (内部統制) の国際的な標準フレームワークが COSO の Framework 。

COSO は、その Framework において、5つの Internal control の Components を定めている。

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

今回は、Control activities (統制活動) のまとめ。Objective の Risk に対処する Policies と Procedures 。


・Internal control の Risk を Acceptable level にまで下げるために、Control activities の Selection や Development を行う


Internal control の The achievement of objective の Risk に Address するために、Policies と Procedures を Establish し、Control activities を Develop する。

3つの Principles

COSO の Framework では、Internal control について 17 の Principles をもうけている。

そのうちの、10~12が Control activities の Principles となっている。

  • The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
  • The organization selects and develops general control activities over technology to support the achievement of objectives.
  • The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

10. Selection and development of control activities

Internal control の The achievement of objective の Risk を、 Acceptable levels に下げるために、Control activities の Selection Development を行う。

  • Risk assessment との Integrate
  • Entity specific factors を Consider
  • Relevant business processes を Determine
  • Control activity types の Mix を Evaluate
  • Activity level を Consider
  • Segregation of duty の Address

11. Selection and development of general control over technology

Internal control の The achievement of objective を Support する Technology の General control activities の Selection と Development を行う。

  • Technology の General control と Business process での利用との Dependency を Determine
  • Technology infrastructure に関する Control activities を Establish
  • Security management process に関する Control activities を Establish
  • Relevant technology の Acquisition、Development、Maintenance process に関する Control activities を Establish

12. Development through policies and procedures

Policies と Procedures を通じて Control activities の Deployment(配備) を行う。

  • Management の Directives を Deploy させるために Policies と Procedures を Establish
  • Policies と Procedures を Execute させるために Responsibility と Accountability を Establish
  • Timely manner に Perform
  • Corrective action
  • Competent personnel による Perform
  • Policies と Procedures を Reassess

Control activities の Examples

主な Control activities

  • Supervisory controls
  • Physical controls
  • Verifications
  • Segregation of duties
  • Performance reviews
  • Information processing
  • Authorization and approval
  • Reconciliation

Business processes と Transactions の Routine controls が該当する。