The purpose of this audit work program is to assess, at a high level, and validate key controls in place for the information and communication component of the COSO Framework. Inadequate or ineffective controls in this area may give rise to financial and operational risks.

Risks addressed in this audit work program include: relevant external information with consideration of the impact on the entity is not monitored; entity-wide operating results are not reviewed and compared against budgets at regular intervals; the adequacy of the information technology structure is not considered by senior management; and managers and other personnel do not have the required information in sufficient detail to carry out their responsibilities.