The following points of focus highlight important characteristics relating to this principle:

The board of directors ultimately holds the chief executive officer accountable for understanding the risks faced by the entity and establishing the requisite system of internal control to support the achievement of the entity's objectives. The chief executive officer and senior management, in turn, are responsible for designing, implementing, conducting, and periodically assessing the structures, authorities, and responsibilities needed to establish accountability for internal control at all levels of the organization.

Accountability refers to the delegated ownership for the performance of internal control in the pursuit of objectives considering the risks faced by the entity. Outsourced service providers may be used to carry out responsibilities together with or on behalf of management, in which case management establishes the requisite levels of performance and oversight mechanisms and retains ultimate accountability for internal control. Management provides guidance to enable the understanding of risks faced by the entity, to communicate expectations of conduct of internal control responsibilities in support of the achievement of the entity's objectives, and to hold personnel accountable.

Accountability for internal control is demonstrated in each form of organizational structure used by the entity. For example, a manager whose responsibilities include upholding fair trade practices is accountable to the legal entity, operating unit, geography, or other existing structural entity to demonstrate an appropriate and effective control environment, risk assessment, control activities, information and communication, and monitoring to adhere to entity policy and support compliance with laws and regulations.

Accountability is interconnected with leadership, insofar as a strong tone at the top contributes to internal control responsibilities being understood, carried out, and continually strengthened across the entity. Tone helps to establish and enforce accountability, morale, and a common purpose through:

Accountability is driven by tone at the top and supported by the commitment to integrity and ethical values, competence, structure, processes, and technology, which collectively influence the control culture of the organization. Corrective action is taken as necessary to re-establish the necessary accountability for internal control.

Performance is greatly influenced by the extent to which individuals are held accountable and how they are rewarded.

Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, considering the achievement of both short-term and longer-term objectives. Recognizing that rewarding future results in the present can yield unintended consequences, the organization establishes a combination of quantitative and qualitative performance measures balanced to reward successes and discipline behaviors as necessary in line with the range of objectives. Consider for example a company seeking to win customer loyalty with quality products. It engages its workforce in an effort to reduce production defect rates and aligns its performance measures, incentives, and rewards with both the operating unit's production goals and the expectations to comply with product safety and quality standards, workplace safety laws, customer loyalty programs, and accurate product recall reporting.

Performance measures, incentives, and rewards support an effective system of internal control insofar as they are adapted to the entity's objectives and evolve dynamically with its needs. The following table illustrates key success measures and considerations for motivating, measuring and rewarding high performance.

Incentives provide the motivation for management and other personnel to perform. Salary increases and bonuses are commonly used, but greater responsibility, visibility, recognition, and other forms of non-monetary reward are other effective incentives. Management consistently applies and regularly reviews the organization's measurement and reward structures to ensure that it does not encourage inappropriate conduct (e.g., lack of balance between revenue goals and other objectives key to the viability of the business can create conduct that is not in line with expected standards). Similarly, compensation and reward structures, including hiring and promotion structures, incorporate the review of historical conduct against expectations of ethical behavior. Individuals who do not adhere to the entity's standards of conduct are sanctioned and not promoted or otherwise rewarded.

Regardless of the form they take, incentives drive behavior. An entity that limits its focus to only increasing the bottom line may be more likely to experience unwanted behavior such as manipulation of the financial statements or accounting records, high-pressure sales tactics, negotiations directed at increasing quarterly sales or profit at any cost, or implicit offers of kickbacks.

Management and the board regularly evaluate the performance of individuals and teams in relation to defined performance measures, which include business performance factors as well as adherence and support for standards of conduct and demonstrated competence.

Performance measures are reviewed periodically for ongoing relevance and adequacy in relation to incentives and rewards. If necessary, internal or external factors are realigned to objectives and other expectations of management, personnel, and outside providers.

Management and the board of directors establish goals and targets toward the achievement of objectives that by their nature create pressures within the organization. Pressures can also result from cyclical variations of certain activities, which organizations have the ability to influence by rebalancing workloads or increasing resource levels, as appropriate, to reduce the risk of employees "cutting corners" where doing so could be detrimental to the achievement of objectives.

These pressures which are further impacted by the internal or external environment can positively motivate individuals to meet expectations of conduct and performance, both in the short and long term. However, undue pressures can cause employees to fear the consequences of not achieving objectives and circumvent processes or engage in fraudulent activity or corruption.

Excessive pressures are most commonly associated with:

For example, pressure to generate sales levels that are not commensurate with market opportunities can lead sales managers to falsify numbers or engage in bribery or other illicit acts. Pressures to demonstrate the profitability of investments can cause traders to take off-strategy risks to cover incurred losses. Similarly, pressures to rush a product to market and generate revenues quickly may cause personnel to take shortcuts on product development or safety testing, which can be harmful to consumers or lead to poor acceptance or impaired reputation.

To align individual and business unit objectives to those of the entity, the organization considers how risks are taken and managed as a basis for compensation and other rewards. For example, as traders take risks on behalf of their clients and the organization, they are aware that their remuneration, advancement, and position can be boosted, reduced, or lost depending on their performance. Incentive structures that fail to adequately consider the risks associated with the business model can cause inappropriate behavior.

Other business changes, such as changes in strategy, organizational design, and acquisition/divestiture activity, also create pressures. Management and the board need to understand those pressures and balance them with appropriate messaging and incentives and rewards. Management and the board set and adjust as appropriate the pressures on incentives and rewards when assigning responsibilities, designing performance measures, and evaluating performance. It is management's responsibility to guide those to whom they have delegated authority to make appropriate decisions in the course of doing business. For example, organizations often view financial performance, development of competencies, and timely and accurate reporting to stakeholders as their most critical objectives for the viability of the business. They also expect management, other personnel, and outsourced service providers and business partners to preserve at all times the quality of products or services delivered, safety of personnel performing its functions, and other factors that could create a moral hazard or damage the entity's reputation.

Just as performance objectives are cascaded down from the board of directors to the chief executive officer, senior management, and other personnel, performance evaluation is conducted at each of these levels. The board of directors evaluates the performance of the chief executive officer, who in turn evaluates that of the senior management team, and so on. At each level, adherence to standards of conduct and expected levels of competence are evaluated, and rewards are allocated or disciplinary action is exercised as appropriate. Rewards may be in the form of money, equity, recognition, or career progression. The results of these evaluations are communicated and acted upon with rewards or sanctions as applicable to influence desired behavior.

Compensation policies and practices are based on the compensation philosophy of the organization, which considers the competitive positioning it seeks to achieve (methods and levels of incentive and compensation to attract the highest caliber talent needed to be superior to offers from industry peers). Compensation and other rewards are awarded on the basis of performance evaluation, competencies, and skill acquisition, as well as available market pricing information, with the goal of retaining high performers and encouraging attrition of lower-end performers. Human resources manages the process of obtaining, processing, and communicating the relevant information to appropriate levels of management and other personnel.

Performance is measured in relation to the achievement of objectives and the ability to manage within risk tolerance levels considering both the short and long term. As such, it considers both historical (retrospective) and forward-looking (prospective) risks.