Principle 15 - Communicate Externally
15.01 Management should externally communicate the necessary quality
information to achieve the entity’s objectives.
The following attributes contribute to the design, implementation, and operating effectiveness of this principle:
- Communication with External Parties
- Appropriate Methods of Communication
Communication with External Parties
15.02 Management communicates with, and obtains quality information from, external parties using established reporting lines. Open two-way external reporting lines allow for this communication. External parties include suppliers, contractors, service organizations, regulators, external auditors, government entities, and the general public.
15.03 Management communicates quality information externally through reporting lines so that external parties can help the entity achieve its objectives and address related risks. Management includes in these communications information relating to the entity’s events and activities that impact the internal control system.
15.04 Management receives information through reporting lines from external parties. Information communicated to management includes significant matters relating to risks, changes, or issues that impact the entity’s internal control system. This communication is necessary for the effective operation of internal control. Management evaluates external information received against the characteristics of quality information and information processing objectives and takes any necessary actions so that the information is quality information.
15.05 The oversight body receives information through reporting lines from external parties. Information communicated to the oversight body includes significant matters relating to risks, changes, or issues that impact the entity’s internal control system. This communication is necessary for the effective oversight of internal control.
15.06 External parties use separate reporting lines when external reporting lines are compromised. Laws and regulations may require entities to establish separate lines of communication, such as whistleblower and ethics hotlines, for communicating confidential information. Management informs external parties of these separate reporting lines, how they operate, how they are to be used, and how the information will remain confidential.
Appropriate Methods of Communication
15.07 Management selects appropriate methods to communicate externally. Management considers a variety of factors in selecting an appropriate method of communication. Some factors to consider follow:
- Audience - The intended recipients of the communication
- Nature of information - The purpose and type of information being communicated
- Availability - Information readily available to the audience when needed
- Cost - The resources used to communicate the information
- Legal or regulatory requirements - Requirements in laws and regulations that may impact communication
15.08 Based on consideration of the factors, management selects appropriate methods of communication, such as a written document—in hard copy or electronic format—or a face-to-face meeting. Management periodically evaluates the entity’s methods of communication so that the organization has the appropriate tools to communicate quality information throughout and outside of the entity on a timely basis.
15.09 Government entities not only report to the head of the government, legislators, and regulators but to the general public as well. In the federal government, entities not only report to the President and Congress but also to the general public. Entities consider appropriate methods when communicating with such a broad audience.