What are control activities according to COSO?

Control activities according to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework are essential processes that help ensure that management directives are carried out effectively. These activities include the establishment of audit trails that are documented and reliable. This means that all transactions and related activities should be recorded properly, allowing for traceability, accountability, and verification of data and processes within an organization.

The integrity of information systems is heavily dependent on reliable audit trails, as they enable organizations to track changes, identify errors or fraudulent activities, and maintain compliance with laws and regulations. Proper documentation of these trails is key in providing assurance regarding the accuracy and completeness of financial reporting and operational efficiencies.

In contrast, other options present ideas that do not align with the fundamental principles of effective control activities as defined by COSO. For example, avoiding segregation of duties compromises the effectiveness of internal controls by increasing the risk of errors and fraud, while random audits without a structured approach can fail to address significant risks systematically. Additionally, limiting internal audits to senior management might hinder the objectivity and thoroughness of the audit process, as this can create a lack of independent oversight essential for effective governance.