Coso Analysis
COSO believes this framework will enable organizations to effectively and efficiently develop and maintain systems of internal control that can enhance the likelihood of achieving the entity’s objectives and adapt to changes in the business and operat- ing environments. COSO is pleased to present this Internal Control—Integrated
Framework (Framework).
Information and Communication
Principle 13.
Uses Relevant Information
The organization obtains or generates and usesrelevant, quality information to support thefunctioning of other components of internal control.
Information Requirements Internal Control Component | Example of Information Used | Control Environment | Management performs an annual entity-wide survey of its employ-ees to gather information about their personal conduct in relationto the entity’s code of conduct. The survey is part of a processthat produces information to support the control environmentcomponent and may also provide input into the selection, develop-ment, implementation, or maintenance of control activities. | Risk Assessment | As a result of changes in customer demands, an entity changesits product mix and delivery mechanisms. Expanded on-line saleshave caused credit card transactions to increase significantly.To assess the risk of non-compliance with security and privacyregulations associated with credit card information, managementgathers information about the number of transactions, overallvalue, and nature of data retained for the last fiscal year and evalu-ates its significance in conducting its risk analysis. | Control Activities | Certain equipment used in a high-volume production environmentdeteriorates if it operates longer than a specified time period. Tomaximize equipment lifespan, management obtains and reviewsthe daily up-time logs and compares them to ranges set by seniormanagement. The up-time information supports control activi-ties that address mitigation procedures required when maximumup-time levels
Framework (Framework).
Information and Communication
Principle 13.
Uses Relevant Information
The organization obtains or generates and usesrelevant, quality information to support thefunctioning of other components of internal control.
Information Requirements Internal Control Component | Example of Information Used | Control Environment | Management performs an annual entity-wide survey of its employ-ees to gather information about their personal conduct in relationto the entity’s code of conduct. The survey is part of a processthat produces information to support the control environmentcomponent and may also provide input into the selection, develop-ment, implementation, or maintenance of control activities. | Risk Assessment | As a result of changes in customer demands, an entity changesits product mix and delivery mechanisms. Expanded on-line saleshave caused credit card transactions to increase significantly.To assess the risk of non-compliance with security and privacyregulations associated with credit card information, managementgathers information about the number of transactions, overallvalue, and nature of data retained for the last fiscal year and evalu-ates its significance in conducting its risk analysis. | Control Activities | Certain equipment used in a high-volume production environmentdeteriorates if it operates longer than a specified time period. Tomaximize equipment lifespan, management obtains and reviewsthe daily up-time logs and compares them to ranges set by seniormanagement. The up-time information supports control activi-ties that address mitigation procedures required when maximumup-time levels