Which of the following is NOT one of the five components of internal control according to COSO?

The correct answer reflects that "Asset management" is not recognized as one of the five components of internal control according to the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. The established five components are:

1. Control Environment: This encompasses the governance and management structures that establish the foundation for an effective internal control system, including the integrity, ethical values, and competence of the entity’s people.

2. Risk Assessment: This involves identifying and analyzing relevant risks that could impact the achievement of objectives, thereby ensuring that appropriate strategies to address those risks are implemented.

3. Control Activities: These represent the actual policies and procedures that help ensure management directives are carried out effectively. Control activities might include approvals, authorizations, verifications, reconciliations, and business continuity plans.

4. Information and Communication: This component focuses on the necessary communication regarding internal controls and relevant information that is shared internally within the organization and externally to stakeholders as needed.

5. Monitoring Activities: This component involves ongoing or separate evaluations to assess the performance of internal controls over time, ensuring they are operating as intended and are modified as needed.

The absence of “Asset management” in this framework highlights that while managing assets is certainly important for an organization, it