Answers / Audit & Assurance

Explain the COSO framework.

A core Audit & Assurance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.

THE SHORT ANSWER

Five components of internal control: (1) Control environment (tone at the top), (2) Risk assessment (entity’s process), (3) Information system, (4) Control activities (policies and procedures), (5) Monitoring. The auditor uses COSO to structure their understanding of internal controls under ISA 315.

WHAT INTERVIEWERS LISTEN FOR

  • Five components of internal control
  • Control environment (tone at the top)
  • Risk assessment process
  • Control activities (policies and procedures)
  • Monitoring of controls

COMMON MISTAKES

  • Confusing COSO with COBIT or other frameworks
  • Omitting the control environment component
  • Treating COSO as a checklist rather than a framework

Reading isn't the same as answering under pressure.

Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.

TRY QUICKFIRE →Or train full Audit & Assurance case simulations →

RELATED QUESTIONS