COSO

COSO’s Enterprise Risk Management framework provides a structured approach to managing risks by integrating them into governance, strategy, and performance.

Controls:

Establish a strong ethical foundation and organizational structure.

  • Demonstrates commitment to integrity and ethical values - CE.1

    The organization demonstrates a commitment to integrity and ethical values.

  • Exercises oversight responsibility - CE.2

    The board of directors or equivalent governing body exercises oversight responsibility.

  • Establishes structure, reporting lines, and authorities and responsibilities - CE.3

    The organization establishes structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.

  • Demonstrates commitment to competence - CE.4

    The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.

  • Enforces accountability - CE.5

    The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

Identify and analyze risks to achieving financial reporting objectives.

  • Specifies suitable objectives - RA.1

    The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.

  • Identifies and analyzes risk - RA.2

    The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.

  • Assesses fraud risk - RA.3

    The organization considers the potential for fraud in assessing risks to the achievement of objectives.

  • Identifies and analyzes significant change - RA.4

    The organization identifies and assesses changes that could significantly impact the system of internal control.

Implement control activities to mitigate risks.

  • Selects and develops control activities - CA.1

    The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.

  • Selects and develops controls over technology - CA.2

    The organization selects and develops general and application controls over technology to support the achievement of objectives.

  • Deploys through policies and procedures - CA.3

    The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

  • Uses relevant information - CA.4

    The organization uses relevant information.

Communicate relevant information internally and externally.

  • Uses relevant information - IC.1

    The organization obtains or generates and uses relevant and quality information to support the functioning of internal control.

  • Communicates internally - IC.2

    The organization internally communicates information, including objectives and responsibilities for internal control, to support the functioning of internal control.

  • Communicates externally - IC.3

    The organization communicates with external parties regarding matters affecting the functioning of internal control.

Conduct ongoing and separate evaluations of the internal control system.

  • Selects, develops, and performs ongoing and/or separate evaluations - MA.1

    The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.

  • Evaluates and communicates deficiencies - MA.2

    The organization evaluates and communicates internal control deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.