COSO believes this framework will enable organizations to effectively and efficiently develop and maintain systems of internal control that can enhance the likelihood of achieving the entity’s objectives and adapt to changes in the business and operat- ing environments. COSO is pleased to present this Internal Control—Integrated Framework (Framework).
Information and Communication
Uses Relevant Information
The organization obtains or generates and usesrelevant, quality information to support thefunctioning of other components of internal control. Information Requirements
Internal Control Component
| Example of Information Used
| Control Environment
| Management performs an annual entity-wide survey of its employ-ees to gather information about their personal conduct in relationto the entity’s code of conduct. The survey is part of a processthat produces information to support the control environmentcomponent and may also provide input into the selection, develop-ment, implementation, or maintenance of control activities.
| Risk Assessment
| As a result of changes in customer demands, an entity changesits product mix and delivery mechanisms. Expanded on-line saleshave caused credit card transactions to increase significantly.To assess the risk of non-compliance with security and privacyregulations associated with credit card information, managementgathers information about the number of transactions, overallvalue, and nature of data retained for the last fiscal year and evalu-ates its significance in conducting its risk analysis.
| Control Activities
Please join StudyMode to read the full document