Certified Government Auditing Professional (CGAP) Practice Exam

Which COSO internal control components are directly impacted by the legislative requirement for agency managers to assess risks?

• A. Risk assessment and/or monitoring
• B. Control Environment
• C. Control Activities
• D. Information and communication

The correct answer is: Risk assessment and/or monitoring

The focus on risk assessment as a core component of internal control is fundamental to the COSO framework. When agency managers are mandated by legislation to assess risks, this directly influences the risk assessment component. This aspect of internal controls involves identifying, analyzing, and responding to risks that may affect the achievement of an entity's objectives. In this context, agency managers must evaluate both the internal and external risks their organization faces, ensuring that appropriate measures are in place to address these risks. The regulatory requirement emphasizes the importance of a structured approach to risk management, which aligns with the principles of the COSO framework, emphasizing proactive identification and mitigation of potential risks. While the monitoring aspect is related to ongoing assessments and reviews of the internal control systems, the legislative focus is primarily on the initial assessment itself. Thus, the most directly impacted components of the COSO framework by the legislative requirement for agency managers to assess risks are indeed the risk assessment and monitoring components, underscoring the critical role they play in the overall internal control environment. Other components, such as the control environment, control activities, and information and communication, while important for a comprehensive internal control structure, do not directly arise from the requirement to perform risk assessments. They support and complement the risk assessment process