COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives
Policies and practices reflect expectations of competence necessary to support the achievement of objectives
The board of directors and management evaluate competence across the entity and in outsourced service providers in relation to established policies and practices and act as necessary to address shortcomings
The entity provides the mentoring and training needed to attract, develop, and retain sufficient and competent personnel and outsourced service providers to support the achievement of objectives
Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control
Additional point of focus specifically related to all engagements using the trust services criteria: Considers the Background of Individuals
The entity considers the background of potential and existing personnel, contractors, and vendor employees when determining whether to employ and retain the individuals
The entity considers the technical competency of potential and existing personnel, contractors, and vendor employees when determining whether to employ and retain the individuals
The entity provides training programs, including continuing education and training, to ensure skill sets and technical competency of existing personnel, contractors, and vendor employees are developed and maintained.
- HRS-01 - Human Resources Security Management
- HRS-02.1 - Users With Elevated Privileges
- HRS-03.1 - User Awareness
- HRS-04 - Personnel Screening
- HRS-04.1 - Roles With Special Protection Measures
- HRS-04.2 - Formal Indoctrination
- PRM-02 - Cybersecurity & Data Privacy Resource Management
- PRM-03 - Allocation of Resources
- SAT-01 - Cybersecurity & Data Privacy-Minded Workforce