Question 7
Domain 3 — Risk Response and ReportingWhat is control monitoring?
Correct answer: B
Explanation
Control monitoring means continuously checking whether controls are working as intended over time. It focuses on "ongoing activities to evaluate control effectiveness over time," which matches the definition of monitoring in control frameworks.
Why each option is right or wrong
A. Installing new controls
B. Ongoing activities to evaluate control effectiveness over time
Under the COSO Internal Control–Integrated Framework, monitoring activities are the component used to assess whether each of the five components of internal control is present and functioning, and whether the components operate together effectively. The standard distinguishes this from a one-time review: monitoring is performed through ongoing evaluations and separate evaluations over time, so the correct choice is the one describing continuous assessment of control performance rather than design or implementation.
C. Removing ineffective controls
D. Outsourcing control functions