COSO Committee of Sponsoring Organizations of the Treadway Commission
Management, with board oversight, sets entity-level objectives that align with the entity's mission, vision, and strategies. These high-level objectives reflect choices made by management and the board of directors about how the organization seeks to create, preserve, and realize value for its stakeholders. Such objectives may focus on the entity's unique operations needs, or align with laws, rules, regulations, and standards imposed by legislators, regulators, and standard setters, or some combination of the two. Setting objectives is a prerequisite to internal control and a key part of the management process relating to strategic planning.
Individuals who are part of the system of internal control need to understand the overall strategies and objectives set by the organization. As part of internal control, management specifies suitable objectives so that risks to the achievement of such objectives can be identified and assessed. Specifying objectives includes the articulation of specific, measurable or observable, attainable, relevant, and time-bound objectives.
However, there may be instances where an entity might not explicitly document an objective. Objectives specified in appropriate detail can be readily understood by the people who are working toward achieving them.
The Framework groups entity objectives into the three categories of operations, reporting, and compliance.
Operations objectives relate to the achievement of an entity's basic mission and vision—the fundamental reason for its existence. These objectives vary based on management's choices relating to the management operating model, industry considerations, and performance. Entity-level objectives cascade into related sub-objectives for operations within divisions, subsidiaries, operating units, and functions, directed at enhancing effectiveness and efficiency in moving the entity toward its ultimate goal.
As such, operations objectives may relate to improving financial performance, productivity (e.g., avoiding waste and rework), quality, environmental practices, innovation, and customer and employee satisfaction. These objectives pertain to all types of entities. For example, a for-profit entity may focus on revenue, profitability, return on assets, and liquidity. In contrast, a not-for-profit entity, though certainly concerned with revenues or levels of spending, may focus more on increasing donor participation. A governmental agency may focus on achieving the mission established by the legislature or governing body, by effectively and efficiently managing specific government programs and its spending in line with the designated purposes of its appropriators to ensure objectives are supported. If an entity's operations objectives are not well conceived or clearly specified, its resources may be misdirected.
The operations category of objectives includes safeguarding of assets, in other words, protecting and preserving entity assets. For instance, an entity may set objectives relating to the prevention of loss of assets and the timely detection and reporting of any such losses. These objectives form the basis of assessing risk relating to safeguarding of assets and selecting and developing controls needed to mitigate such risk.
The efficient use of an entity's assets and prevention of loss through waste, inefficiency, or poor business decisions (e.g., selling product at too low a price, extending credit to bad risks, failing to retain key employees, allowing patent infringement to occur, incurring unforeseen liabilities) relate to broader operations objectives and are not a specific consideration relating to safeguarding of assets.
Laws, rules, regulations, and external standards have created an expectation that management reporting on internal control includes controls relating to preventing and detecting unauthorized acquisition, use, or disposition of entity assets. In addition, some entities consider safeguarding of assets a separate category of objective, and that view can be accommodated within the application of the Framework.
Reporting objectives pertain to the preparation of reports for use by organizations and stakeholders. Reporting objectives may relate to financial or non-financial reporting and to internal or external reporting. Internal reporting objectives are driven by internal requirements in response to a variety of potential needs such as the entity's strategic directions, operating plans, and performance metrics at various levels. External reporting objectives are driven primarily by regulations and/or standards established by regulators and standard-setting bodies.
- External Financial Reporting Objectives—Entities need to achieve external financial reporting objectives to meet obligations to and expectations of stakeholders. Financial statements are necessary for accessing capital markets and may be critical to being awarded contracts or in dealing with suppliers and vendors. Investors, analysts, and creditors often rely on an entity's external financial statements to assess its performance against peers and alternative investments. Management may also be required to publish financial statements using objectives set forth by rules, regulations, and external standards.
- External Non-Financial Reporting Objectives—Management may report external non-financial information in accordance with laws, rules, regulations, standards, or other frameworks. Non-financial reporting requirements as set forth by regulations and standards for management reporting on the effectiveness of internal control over financial reporting are part of external non-financial reporting objectives. For purposes of the Framework, external reporting in the absence of a law, rule, regulation, standard, or framework represents external communication.
- Internal Financial and Non-Financial Reporting Objectives—Internal reporting to management and the board of directors includes information deemed necessary to manage the organization. It supports decision making and assessment of the entity's activities and performance. Internal reporting objectives are based on preferences and judgments of management and the board. Internal reporting objectives vary among entities because different organizations have different strategic directions, operating plans, and expectations.
The overall relationship between the four sub-categories of reporting objectives is shown in the graphic below.
Reporting objectives are different from the Information and Communication component of internal control. Management establishes, with board oversight, reporting objectives when the organization needs reasonable assurance of achieving a particular reporting objective. In these situations all five components of internal control are needed. For instance, in preparing internal non-financial reporting to the board on the status of merger integration efforts, the organization specifies internal reporting objectives (e.g., prepares reliable, relevant, and useful reports), assigns competent individuals, assesses risks relating to specified objectives, selects and develops controls within the five components necessary to mitigate such risks, and monitors components of internal control supporting the specified non-financial reporting objective.
In contrast, the Information and Communication component supports the functioning of all components of reporting objectives, as well as operations and compliance objectives. For instance, controls within Information and Communication support the preparation of the above report, helping to provide relevant and quality information underlying the report, but these controls are only part of the overall system of internal control.
Entities must conduct activities, and often take specific actions, in accordance with applicable laws and regulations. As part of specifying compliance objectives, the organization needs to understand which laws, rules and regulations apply across the entity. Many laws and regulations are generally well known, such as those relating to human resources, taxation, and environmental compliance, but others may be more obscure, such as those that apply to an entity conducting operations in a remote foreign territory.
Laws and regulations establish minimum standards of conduct expected of the entity. The organization is expected to incorporate these standards into the objectives set for the entity. Some organizations will set objectives to a higher level of performance than established by laws and regulations. In setting those objectives, management is able to exercise discretion relative to the performance of the entity. For instance, a particular law may limit minors working outside school hours to eighteen hours in a school week. However, a retail food service company may choose to limit its minor-age staff to working fifteen hours per week.
For purposes of the Framework, compliance with an entity's internal policies and procedures, as opposed to compliance with external laws and regulations as discussed above, relates to operations objectives.
An objective in one category may overlap or support an objective in another. For example, "closing financial reporting period within five workdays" may be a goal supporting primarily an operations objective—to support management in reviewing business performance. But it also supports timely reporting and filings with regulatory agencies.
The category in which an objective falls may vary depending on the circumstances. For instance, controls to prevent theft of assets—such as maintaining a fence around inventory, or having a gatekeeper to verify proper authorization of requests for movement of goods—fall under the operations category. These controls may not be relevant to reporting where inventory losses are detected after a periodic physical inspection and recorded in the financial statements. However, if for reporting purposes management relies solely on perpetual inventory records, as may be the case for interim or internal financial reporting, the physical security controls would then also fall within the reporting category. These physical security controls, along with controls over the perpetual inventory records, are needed to achieve reporting objectives. A clear understanding is needed of the entity's business processes, policies and procedures, and the respective impact on each category of objectives.
Some objectives are derived from the regulatory or industry environments in which the entity operates. For example:
- Some entities submit information to environmental agencies.
- Publicly traded companies file information with securities regulators.
- Universities report grant expenditures to government agencies.
These objectives are established largely by law or regulation, and fall into the category of compliance, external reporting, or, in these examples, both.
Conversely, operations and internal reporting objectives are based more on the organization's preferences, judgments, and choices. These objectives vary widely among entities simply because informed and competent people may select different objectives. For example, one organization might choose to be an early adopter of emerging technologies in developing new products, whereas another might be a quick follower, and yet another a late adopter. These choices would reflect the entity's strategies and the competencies, technologies, and controls within its research and development function. Consequently, no one formulation of objectives can be optimal for all entities.
Management links specified entity-level objectives to more specific sub-objectives that cascade throughout the organization. Sub-objectives also are established as part of or flowing from the strategy-setting process, and relate to the entity and its subunits and functional activities such as sales, production, engineering, marketing, productivity, employee engagement, innovation, and information technology. Management aligns these sub-objectives with entity-level objectives and coordinates these across the entity.
Where entity-level objectives are consistent with prior practice and performance, the linkage between activities is usually known. Where objectives depart from an entity's past practices, management addresses the linkages or accepts increased risks. For example, an entity-level objective relating to customer satisfaction depends on linked sub-objectives dealing with the introduction of services that use a newer and less proven technology infrastructure. These sub-objectives might need to be substantially changed if past practice used older, proven technologies.
Sub-objectives for operating units and functional activities also need to be specific, measurable or observable, attainable, relevant, and time-bound. In addition, they must be readily understood by the people who are working toward achieving them. Management and other personnel require a mutual understanding of both what is to be accomplished and the means of determining to what extent it is accomplished in order to ensure individual and team accountability.
Entities may specify multiple sub-objectives for each activity, flowing both from the entity-level objectives and from established standards relating to compliance and reporting objectives, as deemed suitable in the circumstances. For example, procurement operations objectives may be to:
- Purchase goods that meet engineering specifications
- Purchase goods from companies that meet environmental, health, and safety specifications (e.g., no child labor, good working conditions)
- Negotiate acceptable prices and other terms
As another example, when specifying suitable external reporting objectives relating to the preparation of external financial statements, management considers accounting standards, financial statement assertions, and qualitative characteristics that are applicable to the entity and its subunits. For example, management may set an entity-level external financial reporting objective as follows: "Our company prepares reliable financial statements reflecting transactions and events in accordance with generally accepted accounting principles."
Management also specifies suitable sub-objectives for divisions, subsidiaries, operating units, and functions with sufficient clarity to support entity-level objectives. For instance, management specifies sub-objectives for sales transactions that apply appropriate accounting standards based on the circumstances and that address relevant financial statement assertions and qualitative characteristics, such as:
- All sales transactions that occur are recorded on a timely basis.
- Sales transactions are recorded at correct amounts in the right accounts.
- Sales transactions are accurately and completely summarized in the entity's books and records.
- Presentation and disclosures relating to sales are properly described, sorted, and classified.
Copyright © 2013 – 2016 Committee of Sponsoring Organizations of the Treadway Commission and the American Accounting Association. All Rights Reserved. Use of materials is subject to COSO's Policy of Acceptable Use.