Which of the following is NOT a component of the internal control framework?

The internal control framework is designed to provide a structured approach to ensuring the reliability of financial reporting, compliance with laws and regulations, and the efficiency and effectiveness of operations. Key components of this framework include risk assessment, control environment, and monitoring.

The control environment establishes the overall attitude and awareness of the organization regarding internal controls, indicating the importance that management places on controls and ethical behavior. Risk assessment involves identifying and managing risks that could impede the achievement of the organization's objectives. Monitoring is the process of assessing the effectiveness of internal controls over time, ensuring that they are functioning as intended and making adjustments as necessary.

External auditing, however, is not a component of the internal control framework. Instead, it is an independent examination of the financial statements conducted by external auditors to provide assurance to stakeholders about the accuracy of those statements. While external auditors evaluate the effectiveness of internal controls as part of their audit procedures, they are not considered a component of the internal control framework itself. Their role is to assess how well the internal controls perform but does not form part of the framework's structure.