The organization
specifies objectives
with sufficient clarity
to enable the
identification and
assessment of risks
relating to objectives.
The organization
identifies risks to the
achievement of its
objectives across the
entity and analyzes
risks as a basis for
determining how
the risks should be
managed.
The organization
considers the potential
for fraud in assessing
risks to the
achievement of
objectives.
The organization
identifies and assesses
changes that could
significantly affect
the system of
internal control.