Control Activity is named the third component within COSO 2013. Control Activities are actions defined through policies and procedures that help ensure management directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the organization and at various stages of business processes and technology. COSO 2013 maintained the same five components previously identified within the 1992 framework. These include: • Control Environment • Risk Assessment • Control Activities • Information & Communication • Monitoring This session is designed to focus on the Control Activity component and the three separate principles that support this component. • The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. • The organization selects and develops general control activities over technology to support the achievement of objectives. • The organization deploys control activities through policies that establish what is expected and procedures that put policies into place. The session will dissect the three principles and important concepts that companies need to understand and support in order to provide that the principles are in place and functioning. We will also discuss concepts related to mapping the principles to controls within the organization. Management and the external auditors must understand each of these principles and be able to adequately support that they exist, are appropriately designed and functioning. In addition, the components must effectively work in combination to provide for a positive attestation to internal controls. Field of Study: Auditing