The organization establishes expected standards of conduct and sets performance measures and incentives within the Control Environment to reduce the potential for fraudulent behavior and may impact the assessed level of fraud risk evaluated within Risk Assessment.

The development and deployment of policies and procedures as part of Control Activities contributes to the mitigation of risks identified and analyzed within Risk Assessment.

The processing of relevant, quality information within Information and Communication supports deployment of business process and transaction controls within Control Activities and performance of ongoing and separate evaluations of such controls within Monitoring Activities.

The communication of internal control deficiencies to those responsible for taking corrective actions as part of Monitoring Activities requires a full understanding of the entity's structures, reporting lines, authorities and responsibilities as set forth in the Control Environment and as communicated within Information and Communication.

Components are present and functioning

Internal control deficiencies aggregated across components do not result in the determination that one or more major deficiencies exist