Hard and Soft Control: 5 Internal Control Components Definitions

If we are render a professional opinion on internal control, COSO seems to imply, we must evaluate not just the "hard" tangible control activities, but all the "soft" intangible things management uses to control the organization. 

COSO tells us this includes things like:

1. People's integrity and ethical values
2. Management's philosophy and operating style
3. The organization's commitment to competence
4. The understanding and management of risk
5. Communication 

The 5 component definitions and that we must evaluate, are:

1. Control Environment --- The core of any activities/business is its people; their individual attributes, including integrity, ethical values and competence, and the environment in which they operate. They are the engine theat drives the entity and the foundation on which everythings rest.
2. Risk Assessment --- The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with the sales/services, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze, and manage the related risks.
3. Control Activities ---Control policies and procedures must be established and executed to help ensure that the actions identified by management a necessary to address risk to achievement of the entity's objectives are effectively carried out.
4. Information and Comunication --- Surrounding  the activities are information and communication systems. These enable the entity's people to capture and exchange the information needed to conduct, manage, and control its operations.
5. Monitoring --- The entire process must be monitored, and modifications made as necessary. In this way,the systems can react dynamically, changing as conditions warrant.