Skip Ribbon Commands
Skip to main content

​Practice Guide: Auditing the Control Environment
Recommended Guidance

Auditing the Control EnvironmentThe control environment is the foundation on which an effective system of internal control is built and operated in an organization that strives to (1) achieve its strategic objectives, (2) provide reliable financial reporting to internal and external stakeholders, (3) operate its business efficiently and effectively, (4) comply with all applicable laws and regulations, and (5) safeguard its assets. Part of the blame for the 2008 financial crisis and other prominent failures of the 21st century can be appropriately attributed to failures in the control environment.

The purpose of this Practice Guide is to provide guidance to the internal auditor on the significance of the control environment; how to determine which elements of the control environment should be addressed by engagements in the periodic audit plan; how to scope, staff, and plan such engagements; and which items to consider in performing related audit work, including evaluating and reporting deficiencies.

Downloads and Links

Auditing the Control Environment   French

Practice Guides are restricted to IIA members only.  Members Only

Non-members may purchase this Practice Guide from the IIA Bookstore.


An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.