COSO Component 3: Control Activities

August 25, 2025

Control Activities in COSO: The Second Pillar of Internal Control

Introduction

The model ARENA It is one of the most widely used frameworks for evaluating and strengthening internal control systems. Within its five components, the Control Activities They represent the set of policies, procedures and mechanisms that ensure that management decisions are executed appropriately and that identified risks are mitigated.

What are Control Activities?

These are the preventive, detective and corrective controls that are implemented in an organization's processes to:

Reduce the likelihood of errors or fraud.
Ensure compliance with standards and policies.
Protect company assets and information.

They can be applied in operational, financial, technological and compliance processes.

Practical Examples of Control Activities

1. Segregation of Duties

Example: In the payment process, the person who authorizes the transfers should not be the same person who executes them or records them in the accounting records.
Benefit: Avoid fraud or errors resulting from concentrating power in a single person.

2. Approval Controls

Example: Any expense over $50,000 must be authorized by a manager or partner.
Benefit: Ensures that resources are used in accordance with policies and budgets.

3. Periodic Reconciliations

Example: Monthly bank reconciliation between bank statements and internal accounting.
Benefit: Detect discrepancies, improper charges, or registration errors.

4. System Access Controls

Example: Each user in the accounting system (ERP) must have a profile appropriate for their role. The accounting assistant can record policies, but not delete them.
Benefit: Minimizes the risk of improper manipulation of information.

5. Automatic Controls in Technology

Example: The system does not allow invoicing without a valid RFC or without stamping the CFDI.
Benefit: Avoid errors and facilitate tax compliance.

6. Supervision and Reviews

Example: Managers review weekly expense reports to validate their justification.
Benefit: It allows deviations to be detected in real time and corrective measures to be taken.

7. Written Policies and Manuals

Example: Purchasing manual that establishes steps for requesting quotes, comparing prices, and authorizing suppliers.
Benefit: Create uniformity and transparency in processes.

Challenges in Implementation

Although Control Activities are effective, many companies face difficulties such as:

Excessive controls that bureaucratize processes.
Lack of updating manuals and policies.
Staff resistance to change.

The key is to achieve a balance between control and efficiency.

Conclusion

The component of Control Activities At COSO, it is vital to ensure that identified risks do not turn into losses or non-compliance. Implementing practical examples such as segregation of duties, reconciliations, and access controls allows the company to have more reliable, secure processes aligned with their strategic objectives.

Do you have any questions? Schedule a consultation.

Send WhatsApp

0 Comments

Submit a Comment Cancel reply

Investing in Mexico: Best Business Ideas and Key Opportunities for Foreign Entrepreneurs

by hgalicia@cfo-ready.com | Oct 14, 2025 | CFO, Finance

Discover profitable business ideas for foreigners investing in Mexico. Learn about startups, real estate, and manufacturing with expert CFO insights.

Cross-Border Billing and RFC Compliance: Why SaaS Companies Must Register in Mexico

by hgalicia@cfo-ready.com | Oct 13, 2025 | CFO, Compliance, Finance, Taxes

Foreign SaaS companies billing customers in Mexico must register with the SAT and obtain an RFC to comply with Mexican VAT regulations. Learn how to stay compliant and continue invoicing legally.

Criptomonedas y stablecoins: qué dice la NIF C-22 y cómo pueden integrarse en la gestión financiera de la empresa

Cryptocurrencies and stablecoins: what NIF C-22 says and how they can be integrated into a company's financial management.

by hgalicia@cfo-ready.com | Oct 13, 2025 | Finance, NIF

Cryptocurrencies are no longer a niche topic, and today companies must evaluate whether to hold them for treasury, payments, or hedging.