AI Analysis Results

Control Environment & Tone at the Top — Entity-Level Controls (COSO ELC)

/ 100

Strong

Overall Sub-Process Rating

Strong — Control is designed well, operating consistently, and monitored.

1 control evaluated5 strengths identified2 gaps identified

Executive Summary

The Control Environment & Tone at the Top process demonstrates a strong control environment with well-designed, consistently operating, and actively monitored controls. Documentation is current, segregation of duties is enforced, and management review is evidenced. Minor opportunities for continuous improvement exist but do not represent material risk.

Strengths

A code of conduct is communicated and acknowledged... is consistently executed
Exception reporting is generated and reviewed timely
Management review is performed on a regular cadence
Key controls are documented in a centralized repository
Segregation of duties is enforced across critical functions

Gaps

Evidence of review lacks timestamp and reviewer identity
Exception handling procedures are informal and inconsistently applied

Recommendations

1Implement a workflow tool that captures reviewer identity and timestamp for all approvals
2Strengthen documentation requirements to include evidence retention standards
3Establish a quarterly monitoring schedule with documented results and sign-off

Framework Mapping

COSO 2013

Principle P1Principle P2

SOX 404

ICFR.ELC.CE.01

IIA Standards 2024

IV.8.1

Control-Level Breakdown (1)

ELC-CE-01StrongScore: 89/100

A code of conduct is communicated and acknowledged annually by all employees.

Key Finding

The control is well-designed and operating effectively. A code of conduct is communicated and acknowledged annually by all employees. Evidence of consistent execution and monitoring was observed.

Recommendation

Continue current practices. Consider automating remaining manual steps to sustain the control with less effort.

Framework Tags

COSO P1COSO P2ICFR.ELC.CE.01IIA IV.8.1