This paper examines the associations among COSO components and how they affect the monitoring function of organisations. Five components of an effective internal control system are described using the framework designed by COSO (1992) and have been selected because they have been identified as underpinning quality corporate governance. Structural equation modelling (SEM) was used first to run confirmatory factor analysis to determine the measurement models for the five COSO components. The COSO report (1992) described the internal control framework as a multidirectional iterative and situational (contingent) process. The primary structural model was designed to reflect the one-way directional associations in the model described and shown in Exhibit 1 within the COSO report (1992). SEM analyses were conducted to test the hypotheses. Additional secondary SEM analyses were undertaken to investigate the reciprocal associations suggested in the COSO report (1992).
Findings from the primary SEM analysis provide partial support for associations among the COSO components and enhanced monitoring quality that leads to good corporate governance. The results show that control environment is associated with three dimensions of information and communication (information accuracy, information openness, communication and learning). Additionally, two dimensions of information and communication (communication and learning and information feedback flow) were found to be associated with risk assessment. An indirect association is supported by the results between control environment and risk assessment through the associations among three dimensions of information and communication (information accuracy, information openness and information feedback flow. Risk assessment is associated with control activities, which is subsequently associated with monitoring.
The results of the additional secondary SEM analyses supported the reciprocal associations among risk assessment, control activities, or monitoring and dimensions of information and communication, as are suggested in the COSO report (1992).
Companies that draw on COSO’s internal control framework should benefit from a better understanding of the direct, indirect, and reciprocal associations among the components of internal control systems. The benefits gained from this better understanding may assist companies to enhance their corporate governance practices that lead to the achievement of operational, financial reporting and compliance objectives.