Senior management communicates information about the company's financial reporting objectives, financial control requirements, and internal control policies and procedures, and how they support individual responsibilities through a variety of communication channels. The method of communication varies depending on the audience; the nature of the information; time sensitivity, cost, legal, or regulatory requirements; and ability to use technology solutions. Such mechanisms may include:

AtHome Corp. is a global home-building company. Both the CEO, Janis Wilcox, and the CFO, Terry Tomlinson, use regular broadcast emails and personal visits to various company sites to communicate with finance, accounting, and other personnel who impact internal control over external financial reporting.

Mr. Tomlinson uses these mechanisms to reinforce company expectations for adherence to internal control over external financial reporting, laws, and regulations; the importance of the company's internal audit function; and actions taken in response to internal audit findings and internal control recommendations from its external auditors.

In turn, Ms. Wilcox finds the broadcast emails an effective means of sharing information about the company's business objectives and goals, including a periodic update on progress toward those goals. She also visits the various corporate sites and meets with employees and managers to ascertain how well they understand key business and financial objectives relevant to their sites and to reinforce the messages about internal control from Mr. Tomlinson. Presentation material and supporting information and intranet links are provided to the participants to support these communications.

NetComm, Inc., a broadband infrastructure company, holds a semi-annual meeting led by the CFO and controller. The personnel from the finance department attend these meetings to obtain updated information on significant new or changed matters that impact finance activities and financial results. Meeting topics routinely include:

Documentation on internal controls related to financially significant business processes and systems is stored in a shared repository that is accessible to management and personnel who are responsible for external financial reporting. This repository contains:

The internal audit department reviews the information in the repository as part of its ongoing and separate evaluations. Updates to specific internal controls are communicated to both the control performer and reviewer through email alerts with links to the repository.

A manufacturer of chemical and pharmaceutical products, Travis Pharma, has implemented a governance, risk, and compliance technology solution. This provides the CFO, Frances VanWyck, with a reporting tool to support her oversight of the system of internal control over external financial reporting. Information communicated through the tool includes:

The reporting tool also provides a personalized dashboard; workflow process (for performance or review, as appropriate); reporting capabilities for more detailed status, issues, and trends; and other information to understand and manage the individual's internal control responsibilities.

The Board of Directors establishes a board charter that defines the guidelines for information to be shared with the board of directors, responsibilities for communication, and the method of communication. The charter specifies key guidelines, which may include:

Fred Cummins, the general counsel of a printing company, EasySigns, Inc., under the direction of the chair of the board, is responsible for coordinating all meetings of the board of directors and board committees. He has implemented a straightforward system to ensure timely and effective communication.

Mr. Cummins reviews the annual calendar of audit committee meetings and the general agenda for each meeting. He develops specific topics for discussion for each meeting relevant to the company's external financial reporting requirements and confirms the agenda details with the CFO, CAE, and audit committee chair. Based on the detailed agenda, Mr. Cummins gathers relevant information to be included in the audit committee meeting materials that are sent to members one week prior to the meeting. From time to time, he requests that members of management attend meetings to present information in person and allow for active communication. For example, the CIO presents on the company's security and privacy programs and new events that may impact risks.

Mr. Cummins also meets with the chair of the audit committee on a periodic basis to communicate issues or risks related to significant, time-sensitive transactions, or to update the audit committee chair on significant issues, such as investigations of potential fraud.

At designated board meetings the CFO and supporting personnel present financial information, provide an analysis of the results compared with expectations, give updates on forecasts and major changes to original budgets, and communicate other matters of significance to financial reporting.

On a regular basis, the CEO, CFO, and the chief audit executive (CAE) present the draft external financial statements. Material events, changes in significant estimates, or assumptions and significant new disclosure matters since the prior quarter are also presented and discussed. The external auditors attend these meetings to present their point of view on the financial statements.

At each quarterly meeting, the CFO and the CAE present a summary of key changes in internal control, results of evaluations, and actions in response to any deviations identified. Matters of significance are reported in writing. The audit committee holds separate private sessions with management and the external auditors. These sessions provide the audit committee and either management or the auditors with an opportunity to share sensitive information and ask probing questions that facilitate each party's responsibilities related to internal control.

The senior financial management at a privately held mining company, Precious Metals Corp., has developed a financial and internal control reporting package for the board meeting. The package has been developed from both quantitative and qualitative financial reporting and internal control information. It highlights financial and internal control trends and internal control matters requiring the board's attention, such as significant, non-recurring adjustments and internal control deficiencies by each financial statement line item for each of the last four quarters. Other information in the package includes:

The management team sends the package to the board in advance of the meeting to allow board members to review and follow up with management in preparation of the meeting, if necessary.

Management and the board establish a whistle-blower program for employees to use a hotline to communicate concerns, instances of perceived misconduct, matters relating to external financial reporting, or other significant matters that may impact internal control. To enhance employee awareness of the program, a number of communication channels are used. These include postings in high-traffic areas in offices and periodic messages from the director of human resources.

The program allows employees who report matters through the hotline to remain anonymous, and all communication is completely confidential. Reported matters are evaluated by an objective party and communicated to the board of directors or, where appropriate, a specified delegate (such as the audit committee or internal audit).

General Goods Packaging has established a toll-free hotline for employees to report misconduct. The hotline is described in the employee handbook and on the company intranet. Information is also posted at various high-traffic locations in the company's facilities, such as the cafeteria, coffee room, restrooms, and main entrance.

The hotline is administered by a third party. All matters received on the line are categorized, summarized, and reported to a separate compliance department that reports to internal audit. The director of compliance then reviews and prioritizes all reports.

Those matters of significance or heightened sensitivity are reported immediately to the chair of the audit committee. Others are investigated based on their priority. The members of the executive management team review the results of all investigations and recommend what actions should be taken.

Information about each reported matter, including evidence gathered, actions taken, and conclusions reached, is documented in a separate, confidential section of the hotline system.

Management provides an alternative to reporting to a line manager so that employees are confident that they will be heard. Alternative reporting and communications channels may include:

Odette Group, a designer and distributor of sports apparel, has established a successful mentoring program for its employees. Every employee is assigned an individual "coach," who is selected from management of a different department. The employee and coach meet quarterly, or as needed, to discuss topics such as the employee's long-term goals, areas of interest for growth and development, and results of periodic performance reviews. At these meetings, coaches encourage employees to provide feedback on any issues or concerns for which they did not see a clear communication channel.

As an added measure, all staff involved in the financial reporting process is assigned a mentor with financial reporting and internal control experience. This provides an alternative to the employee's line supervisor for discussing and reporting concerns on matters such as compensation, operations, or internal controls.

Management from all departments develop cross-functional and departmental communication processes and forums that enable personnel to communicate internal control matters across the entity. Representatives from each department have defined roles and responsibilities for communicating internal control matters using these processes and forums. The group meets periodically to discuss issues, trends, and upcoming events that impact internal controls. Control matters and issues noted by a shared service center, business unit, or department are communicated to the other departments and business units. Management and personnel in the departments and business units evaluate and respond to the impact of these matters and issues.

Sea to Sky Telecommunications has established an internal control council comprising functional and IT business process owners from each business unit, corporate accounting, shared service center, and internal audit. The council meets monthly to define information that should be shared among business units and that may impact company processes. Topics raised at these meetings include:

The representatives on the council review all matters raised to consider how they impact the various departments of Sea to Sky. Council members take turns recording the meeting proceedings, which are reviewed by all council members and then shared with the CFO.