Principle 4 The organization demonstrates a commitment to attract develop and

Principle 4: The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Principle 5: The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. The Entity’s Risk Assessment Process 24 | P a g e

The risk assessment process should consider external and internal events and circumstances that may arise and adversely affect the entity’s ability to initiate, record, process, and report financial data consistent with management’s financial statement assertions. Business risk can arise or change due to the following circumstances:  Changes in the operating environment  Corporate restructuring  New personnel  International growth  New technology  Rapid growth  New accounting pronouncements  New or revamped information systems  New business models, products, or activities Principle 6: The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. Principle 7: The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. Principle 8: The organization considers the potential for fraud in assessing risks to the achievement of objectives. Principle 9: The organization identifies and assesses changes that could significantly impact the system of internal control. Control Activities: Principle 10: The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. - Performance Reviews - Physical Controls - Segregation of Duties - Information Processing Controls Principle 11: The organization selects and develops general control activities over technology to support the achievement of objectives. Principle 12: The organization deploys control activities through policies that establish what is expected and procedures that put policies into action . Information and Communication Principle 13: The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. - Identify and record all valid transactions - Classify transactions properly - Measure the value of transactions properly - Record transactions in the proper period - Properly present transactions and disclosures Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. Principle 15: The organization communicates with external parties regarding matters affecting the functioning of internal control.