Page 266 - COSO Guidance
Information and communication principle 14:
Communicates internally
The organization internally communicates information, including objectives and responsibilities for
internal control, necessary to support the functioning of internal control.
The following points of focus contained in the framework emphasize important characteristics of this
principle (examples have been included for illustrative purposes):
Point of focus — Communicates internal control information
A process is in place to communicate required information to enable all personnel to understand and
carry out their internal control responsibilities.
Personnel should be aware of entity policies and procedures and the entity’s objectives. An entity
might have many of these policies contained in personnel manuals and objectives might be posted
on placards. For example, for an entity that is a manufacturer of engine parts, a compliance objective
might be to have a product defect rate of no more than .0001%. A placard with both the desired and
actual percentages of daily product defect rate is prominently placed at the entrance to the factory
for all employees to see.
The entity should communicate the importance, relevance, and benefits of effective internal control.
Management and other employees should be cognizant of their roles and responsibilities with regard
to internal control. The entity should clearly state its expectations regarding the reporting of any
significant items that affect internal control. For example, this includes the reporting of weaknesses
in internal control or personnel failure to comply with internal control policies and procedures.
Point of focus — Communicates with the board of directors
There is communication between management and the board of directors so that both have
information needed to fulfill their roles with respect to the entity’s objectives.
The information relating to internal control that is communicated to the board (those charged with
governance) often addresses noteworthy matters about the adherence to, changes in, or issues
arising from the system of internal control.
In this example, the entity is a small retail store. One employee observed another employee prepare a
manual receipt for some of the cash sales. The transaction was not recorded. The policy that all
transactions are to be recorded on the sales register or terminal was violated. This failure to comply
with internal control procedures should be reported to the owner-manager for appropriate action.
Point of focus — Provides separate communication lines
Separate communication channels, such as whistleblower hotlines, are in place and serve as fail-safe
mechanisms to enable anonymous or confidential communication when normal channels are
inoperative or ineffective.
The framework stresses that entities should consider implementing separate lines of communication
for anonymous or confidential information to flow to the appropriate parties. A whistleblower hotline
that allows for anonymity might be used by an employee to report inappropriate behavior by a
supervisor because the employee might fear that if his or her identity was known, then he or she
© 2020 Association of International Certified Professional Accountants. All rights reserved.