Monitoring is a process that assesses the quality of an entity's internal control performance over time. Effective monitoring is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two.
Ongoing monitoring occurs over the course of operations, and includes regular management, supervisory activities and other actions personnel take in the performance of their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported throughout the organization with serious matters reported to top management and the board.
This questionnaire template provides a number of COSO elements and the related control objectives for entity-level controls. Within the questionnaire, you can document the control's COSO attribute, whether the control exists, whether it was designed properly, related test procedures, management's action plan for deficiencies, and more.
Example control objectives in this tool include:
Management monitors relevant external and internal information and considers the impact on the control structure.
Procedures are in place to monitor when controls are overridden and to determine if the override was appropriate.
Management takes appropriate action on exceptions to policies and procedures.