COSO Internal Control Components: Information and Communication
INFORMATION IS NECESSARY FOR AN enterprise to carry out its internal control responsibilities to support the achievement of its objectives. Management obtains or generates and then uses relevant and quality information from both internal and external sources to support the functioning of all components of its internal controls. Communication, as defined here by COSO, is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated throughout an enterprise, flowing up, down, and across the entity. It enables personnel to receive clear messages from senior management that control responsibilities must be taken seriously. External communication also enables inbound communications of relevant external information and provides this information to external parties in response to requirements and expectations.
Although its principles have not changed very much since the original COSO internal control framework, the revised COSO information and communications guidelines are structured differently and look a bit different in this revised COSO internal control framework. In addition, information and communication concepts have changed in today’s world of using such practices as outsourced service providers in our Internet-driven global economy. In this chapter, we will explore COSO’s visually very different-looking ...