Information and communication combine to form the fourth level of the COSO framework, and they are topics for this article in the ongoing series.
Information is necessary for the University to carry out internal control responsibilities that support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control.
Communication is the continual, iterative process of obtaining, providing and sharing information necessary to meet the operational, reporting and compliance responsibilities of the University.
Internal communication is the means by which information is disseminated throughout the organization, flowing up, down and across the University. An essential part of internal communications is the clear message from senior management that control responsibilities must be taken seriously. In the formal and informal communications channels that exist internally, it is vital that the messages remain consistent as they travel across campus.
External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations. Incoming information (i.e. new laws, regulations, deadlines) must be routed to the right place in time for it to be useful in execution or adjustment of planned activities. Outgoing information should be reviewed for accuracy and completeness before being dispatched (i.e. regulatory reporting).
Management of information at the department level includes sharing and validating requests for information when received, then sharing and validating responses before their release. Asking the question “Who else needs to know?” when making operational decisions is a prudent habit, too. Communicating with all the stakeholders of a planned activity will improve the chances of operational success.
The final article of the Inside UNC Charlotte series will expand on the remaining layer of the internal controls framework. Employees who have questions about the articles or who want to talk about how the framework applies to their department should call the Internal Audit Department at 704-687-5693 or email Internal_Audit@uncc.edu.
Control environment was outlined in the initial article.
Risk assessment was the second COSO standard of control featured.