The Board of Directors—The board should discuss with senior management the state of the entity's system of internal control and provide oversight as needed. Senior management is accountable for internal control and to the board of directors, and the board needs to establish its policies and expectations of how members should provide oversight of the entity's internal control. The board should be apprised of the risks to the achievement of the entity's objectives, the assessments of internal control deficiencies, the management actions deployed to mitigate such risks and deficiencies, and how management assesses the effectiveness of the entity's system of internal control. The board should challenge management and ask the tough questions, as necessary, and seek input and support from internal auditors, external auditors, and others. Sub-committees of the board often can assist the board by addressing some of these oversight activities.

Senior Management—Senior management should assess the entity's system of internal control in relation to the Framework, focusing on how the organization applies the seventeen principles in support of the components of internal control. Where management has applied the 1992 edition of the framework, it should first review the updates made to this version (as noted in Appendix F of the Framework), and consider implications of those updates to the entity's system of internal control. Management may consider using the Illustrative Tools as part of this initial comparison and as an ongoing evaluation of the overall effectiveness of the entity's system of internal control.

Other Management and Personnel—Managers and other personnel should review the changes made to this version and assess implications of those changes on the entity's system of internal control. In addition, they should consider how they are conducting their responsibilities in light of the Framework and discuss with more senior personnel ideas for strengthening internal control. More specifically, they should consider how existing controls affect the relevant principles within the five components of internal control.

Internal Auditors—Internal auditors should review their internal audit plans and how they applied the 1992 edition of the framework. Internal auditors also should review in detail the changes made to this version and consider possible implications of those changes on audit plans, evaluations, and any reporting on the entity's system of internal control.

Independent Auditors—In some jurisdictions, an independent auditor is engaged to audit or examine the effectiveness of the client's internal control over financial reporting in addition to auditing the entity's financial statements. Auditors can assess the entity's system of internal control in relation to the Framework, focusing on how the organization has selected, developed, and deployed controls that affect the principles within the components of internal control. Auditors, similar to management, may use the Illustrative Tools as part of this evaluation of the overall effectiveness of the entity's system of internal control.

Other Professional Organizations—Other professional organizations providing guidance on operations, reporting, and compliance may consider their standards and guidance in comparison to the Framework To the extent diversity in concepts and terminology is eliminated, all parties benefit.

Educators—With the presumption that the Framework attains broad acceptance, its concepts and terms should find their way into university curricula.