would be dismissed. This anonymous and confidential whistleblower hotline could be maintained
               either internally or externally.
              Point of focus — Selects relevant method of communication

               The method of communication considers the timing, audience, and nature of the information.

               Communication methods could include emails, webcasts, performance appraisals, and text
               messages.

               In a smaller entity, the method of communication might be more informal than in a larger entity and
               may not be documented. However, there might be a need to document policies and procedures, such
               as an infrequently performed and intricate procedure, like annual procedures to close out the books.




            Information and communication principle 15:
            Communicates externally


            The organization communicates with external parties regarding matters affecting the functioning of
            internal control.

            The following points of focus contained in the framework emphasize important characteristics of this
            principle:

              Point of focus — Communicates to external parties
               Processes are in place to communicate relevant and timely information to external parties including
               shareholders, partners, owners, regulators, customers, and financial analysts and other external
               parties.
               For example, assume a boutique that sells specialty coffees online sends its customer a notification
               when an order is shipped, along with the shipment’s tracking number. The customer can then access
               the shipper’s website, input the tracking number, monitor the progress of the goods in transit, and be
               informed of the expected delivery date.

              Point of focus — Enables inbound communications

               Open communication channels allow input from customers, consumers, suppliers, external auditors,
               regulators, financial analysts, and others, providing management and the board of directors with
               relevant information.

               For example, an entity that has five convenience stores allows the local fuel distributor to access its
               system daily regarding fuel sales so that the fuel distributor will know when to deliver additional fuel
               supplies.

              Point of focus — Communicates with the board of directors

               Relevant information resulting from assessments conducted by external parties is communicated to
               the board of directors.

               For example, a local community bank engages a third party annually to conduct a vulnerability
               assessment regarding its IT system that includes testing the system’s physical and logical access


            © 2020 Association of International Certified Professional Accountants. All rights reserved.    6-9