Explain the COSO framework.
A core Audit & Assurance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.
THE SHORT ANSWER
Five components of internal control: (1) Control environment (tone at the top), (2) Risk assessment (entity’s process), (3) Information system, (4) Control activities (policies and procedures), (5) Monitoring. The auditor uses COSO to structure their understanding of internal controls under ISA 315.
WHAT INTERVIEWERS LISTEN FOR
- ✓Five components of internal control
- ✓Control environment (tone at the top)
- ✓Risk assessment process
- ✓Control activities (policies and procedures)
- ✓Monitoring of controls
COMMON MISTAKES
- ✗Confusing COSO with COBIT or other frameworks
- ✗Omitting the control environment component
- ✗Treating COSO as a checklist rather than a framework
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.
RELATED QUESTIONS
- Explain the concept of materiality.
- Walk me through the audit risk model.
- Describe how you would plan the audit of a new client.
- What is the difference between 'materiality' and 'performance materiality'?
- What is the difference between a control deficiency, a significant deficiency, and a material weakness?
- Explain how you determine overall materiality and performance materiality for a new audit client. What factors influence your judgment?